Supply Chain Attack: Abandoned S3 Buckets Used for Malicious Payloads

By Deeba Ahmed
Threat actors have been taking over abandoned S3 buckets to launch malicious binaries, steal login credentials and more.
This is a post from HackRead.com.

Sneaky recon on roster of AWS users is possible, Unit 42 says

Knowing exactly who manages a certain cloud service can be valuable information for malicious hackers, and a cybersecurity company says it has found that kind of weakness in products run by one of the biggest cloud providers. More than 20 application programming interfaces (APIs) associated with 16 Amazon Web Services products can be abused to give up basic information about users and their roles, according to Unit 42, the research arm of cybersecurity giant Palo Alto Networks. “A malicious actor may obtain the roster of an account, learn the organization’s internal structure” and then perhaps “launch targeted attacks against individuals,” Unit 42 researcher Jay Chen says in a report released Tuesday morning. Palo Alto Networks says AWS gave permission to release the research. The problem is within a feature that validates “resource-based policies” for things like the commonly used Amazon Simple Storage Service (S3), Unit 42 says. A resource-based policy is basically a […]

The post Sneaky recon on roster of AWS users is possible, Unit 42 says appeared first on CyberScoop.

Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands

The security team at Twilio, a cloud communications company that claimed over $1 billion in revenue last year, could breathe a sigh of relief on Sunday night. Earlier in the day, someone had manipulated the code in a software product that Twilio customers use to route calls and other communications. The breach resembled a Magecart-style attack that skims websites for users’ financial data. Twilio cleaned up the code hours later, and said there was no sign the attackers had accessed customer data. But the damage could have been worse if the attack had been targeted, multiple security experts told CyberScoop. With access to the code, which was sitting in an unsecured Amazon cloud storage service known as an S3 bucket, the attackers could have conducted phishing attacks or distributed malware through the platform, according to Yonathan Klijnsma, head of threat research at security company RiskIQ. Dave Kennedy, founder of cybersecurity […]

The post Twilio breach spotlights struggle to keep corporate software kits out of the wrong hands appeared first on CyberScoop.

RSAC 2020: Another Smart Baby Monitor Vulnerable to Remote Hackers

A popular baby monitor has been found riddled with vulnerabilities that give attackers full access to personal information and sensitive video footage.

Data about inmates and jail staff spilled by leaky prison app

A web-mapping project came across detainees’ prescriptions and other PII that could be used by identity thieves to victimize prisoners.

What Capital One’s cybersecurity team did (and did not) get right

There was no months-old, unpatched Apache flaw. An S3 bucket wasn’t publicly accessible to anyone with an internet connection. There was no effort to hide what happened behind the company’s bug bounty program. When taken at face value, the Capital One breach looks awfully similar to other massive security failures that have made national news in the past few years. But while people fixate on the amount of information taken, there are some in cybersecurity circles that see a silver lining in the way the bank has handled the incident. Multiple security experts told CyberScoop that while the incident is clearly severe and there are still questions that need to be answered, actions taken by the Virginia-based bank — which did not respond to CyberScoop’s request for comment — prevented this breach from becoming another example of extreme corporate cybersecurity negligence. “While it’s tempting to knock Capital One for this […]

The post What Capital One’s cybersecurity team did (and did not) get right appeared first on CyberScoop.

Automated Magecart spree hit thousands of sites via misconfigured cloud servers, RiskIQ says

One of the most notorious e-commerce scams has expanded into a “mass compromise” that preys on vulnerable cloud infrastructure to skim data from thousands of websites, according to researchers with security vendor RiskIQ. Hackers using so-called Magecart techniques have infiltrated more than 17,000 sites by sneaking into misconfigured cloud repositories, reports the San Francisco-based company. The crooks are automatically scanning the web for vulnerable Amazon Web Services S3 buckets and adding malicious code that captures financial information, the researchers say. While AWS does have automatic protections for S3 buckets, it’s common for the repositories to be misconfigured and thus vulnerable to outsiders. Many e-commerce sites use S3 buckets to store sensitive data. The thieves started compromising insecure buckets in April, RiskIQ says. This campaign, which RiskIQ says has affected websites in Alexa’s top 2,000 internet rankings, is the latest Magecart-style attack after previous incidents at British Airways, Ticketmaster, and other international shipping sites. “Magecart” doesn’t refer to a single cybercriminal gang, but a style […]

The post Automated Magecart spree hit thousands of sites via misconfigured cloud servers, RiskIQ says appeared first on CyberScoop.

Third-party Facebook apps left people’s data publicly exposed, researchers say

Two separate exposures of sensitive information about Facebook users are the latest alarming discoveries by researchers at UpGuard. In both cases, the operators of third-party apps that connected to Facebook were storing data about people in Amazon Web Services S3 buckets configured for public access, said UpGuard, a Silicon Valley-based security company known for identifying misconfigured cloud services. One database originated with Mexico-based Cultura Colectiva, while the other was stored by the makers of an app called “At the Pool.” Both had been secured by Wednesday, UpGuard said. The Cultura Colectiva exposure is the bigger of the two, including 146 gigabytes of information about comments, likes, reactions, account names, Facebook IDs and more, UpGuard said. The “At the Pool” discovery, while not nearly as large, “contains plaintext (i.e. unprotected) Facebook passwords for 22,000 users,” UpGuard said. The company appears to have ceased operation in 2014, but this “should offer little consolation to the app’s end users whose […]

The post Third-party Facebook apps left people’s data publicly exposed, researchers say appeared first on CyberScoop.

App Developers Left 540 Million Facebook Users’ Records on the Public Internet

The exposures didn’t come from Facebook itself, but do show how data generated by one company can end up exposed thanks to another service.

Hundreds of thousands of voter records found exposed on misconfigured server: report

Yet another misconfigured Amazon S3 bucket has exposed the sensitive information of unsuspecting people. This time, hundreds of thousands of voters’ information was left open for the taking by a Virginia robocalling firm called Robocent, according to Bob Diachenko, a security researcher at cybersecurity firm Kromtech. Diachenko wrote in a LinkedIn blog post Wednesday that he discovered a trove of about 26,000 files, including audio files with pre-recorded political messages and spreadsheets containing voter information, in the leaky server. The voter data, according to Diachenko, includes names, phone numbers, addresses, political affiliations, birth dates, genders, jurisdictions and some demographic information. The Robocent files were accessible to anyone who did a specialized web search for “voters,” said Diachenko. By the time it was identified by Kromtech, the server had already been indexed by GrayhatWarfare, another website that scans the internet for open S3 buckets. Diachenko says he disclosed the finding to Robocent […]

The post Hundreds of thousands of voter records found exposed on misconfigured server: report appeared first on CyberScoop.