August 16, 2024 at 12:39PM A recent extortion campaign targeted organizations by exploiting publicly accessible .env files with cloud and social media credentials. The attackers used AWS environments to scan over 230 million targets, compromised over 90,000 unique variables, and conducted phishing and ransom activities. The campaign demonstrated advanced cloud knowledge, evasion techniques, and financial … Read more
August 8, 2024 at 08:07AM Aqua Security researchers discovered six critical vulnerabilities in Amazon Web Services (AWS) that could have allowed remote code execution, exfiltration, denial of service attacks, and account takeovers. Attack methods such as “Bucket Monopoly” and “Shadow Resources” were uncovered and reported to AWS, which rolled out mitigations between March and June. … Read more
March 1, 2024 at 01:09AM GitHub has announced the default activation of secret scanning push protection for all public repository pushes. This feature identifies over 200 token types from more than 180 service providers to prevent fraudulent use. The move comes as a response to ongoing “repo confusion” attacks targeting GitHub, aiming to thwart malicious … Read more
February 16, 2024 at 06:45AM A Python script called SNS Sender is being utilized to send fraudulent SMS messages through AWS SNS, posing as messages from USPS to trick users into disclosing personal and payment information. The tool leverages AWS SNS to conduct SMS spamming attacks and is linked to a threat actor named ARDUINO_DAS. … Read more
January 16, 2024 at 08:36PM The FBI and CISA warn that cybercriminals are leveraging old vulnerabilities to deploy Androxgh0st malware, targeting .env files containing user credentials for AWS, Microsoft Office 365, SendGrid, and Twilio. The malware can be used to steal data, execute code remotely, and create new AWS users and instances. Mitigations include updating … Read more