Automated Magecart spree hit thousands of sites via misconfigured cloud servers, RiskIQ says

One of the most notorious e-commerce scams has expanded into a “mass compromise” that preys on vulnerable cloud infrastructure to skim data from thousands of websites, according to researchers with security vendor RiskIQ. Hackers using so-called Magecart techniques have infiltrated more than 17,000 sites by sneaking into misconfigured cloud repositories, reports the San Francisco-based company. The crooks are automatically scanning the web for vulnerable Amazon Web Services S3 buckets and adding malicious code that captures financial information, the researchers say. While AWS does have automatic protections for S3 buckets, it’s common for the repositories to be misconfigured and thus vulnerable to outsiders. Many e-commerce sites use S3 buckets to store sensitive data. The thieves started compromising insecure buckets in April, RiskIQ says. This campaign, which RiskIQ says has affected websites in Alexa’s top 2,000 internet rankings, is the latest Magecart-style attack after previous incidents at British Airways, Ticketmaster, and other international shipping sites. “Magecart” doesn’t refer to a single cybercriminal gang, but a style […]

The post Automated Magecart spree hit thousands of sites via misconfigured cloud servers, RiskIQ says appeared first on CyberScoop.


Third-party Facebook apps left people’s data publicly exposed, researchers say

Two separate exposures of sensitive information about Facebook users are the latest alarming discoveries by researchers at UpGuard. In both cases, the operators of third-party apps that connected to Facebook were storing data about people in Amazon Web Services S3 buckets configured for public access, said UpGuard, a Silicon Valley-based security company known for identifying misconfigured cloud services. One database originated with Mexico-based Cultura Colectiva, while the other was stored by the makers of an app called “At the Pool.” Both had been secured by Wednesday, UpGuard said. The Cultura Colectiva exposure is the bigger of the two, including 146 gigabytes of information about comments, likes, reactions, account names, Facebook IDs and more, UpGuard said. The “At the Pool” discovery, while not nearly as large, “contains plaintext (i.e. unprotected) Facebook passwords for 22,000 users,” UpGuard said. The company appears to have ceased operation in 2014, but this “should offer little consolation to the app’s end users whose […]

The post Third-party Facebook apps left people’s data publicly exposed, researchers say appeared first on CyberScoop.


App Developers Left 540 Million Facebook Users’ Records on the Public Internet

The exposures didn’t come from Facebook itself, but do show how data generated by one company can end up exposed thanks to another service.

Hundreds of thousands of voter records found exposed on misconfigured server: report

Yet another misconfigured Amazon S3 bucket has exposed the sensitive information of unsuspecting people. This time, hundreds of thousands of voters’ information was left open for the taking by a Virginia robocalling firm called Robocent, according to Bob Diachenko, a security researcher at cybersecurity firm Kromtech. Diachenko wrote in a LinkedIn blog post Wednesday that he discovered a trove of about 26,000 files, including audio files with pre-recorded political messages and spreadsheets containing voter information, in the leaky server. The voter data, according to Diachenko, includes names, phone numbers, addresses, political affiliations, birth dates, genders, jurisdictions and some demographic information. The Robocent files were accessible to anyone who did a specialized web search for “voters,” said Diachenko. By the time it was identified by Kromtech, the server had already been indexed by GrayhatWarfare, another website that scans the internet for open S3 buckets. Diachenko says he disclosed the finding to Robocent […]

The post Hundreds of thousands of voter records found exposed on misconfigured server: report appeared first on Cyberscoop.


GDPR will change how companies work with cloud providers

One of the bigger stipulations in GDPR is that third-party service providers, including companies that run the ever-ubiquitous cloud, will also be responsible for following the correct protocols when it comes to protecting EU citizen data. Yet just as companies keep throwing everything into the cloud, we are seeing errors in the way they safeguard personally identifiable data. If you have been following the work of Chris Vickery, you know how easily these errors can be found. Vickery, director of cyber risk research for California-based Upguard, has been finding misconfigured cloud instances all over the internet. Just in the past year, Vickery identified these openly discoverable instances associated with a Florida credit monitoring firm, media behemoth Viacom, and even at the Department of Defense. Each finding had enough PII to keep privacy officers sleepless for weeks. While they were all based in America, Vickery recently came across a similar breach at French marketing firm Octoly, which caters […]

The post GDPR will change how companies work with cloud providers appeared first on Cyberscoop.


AWS Makes Permissions Check Feature Free to Prevent S3 Bucket Breaches

Amazon Web Services (AWS) has made its Permissions Check feature freely available to help customers prevent an S3 bucket breach. On 20 February, Amazon made the announcement in a news update: AWS Trusted Advisor now helps all customers better secure th…

Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data

An analysis of Amazon Web Services storage containers reveals a troubling trend of misconfigured S3 buckets that leak data.