110K domains targeted in ‘sophisticated’ AWS cloud extortion campaign
August 21, 2024 at 01:27PM Cyble Security researchers found 110,000 domains targeted by attackers exploiting misconfigured .env files, exposing cloud access keys and SaaS API keys. Attackers targeted unsecured web applications, accessed IAM keys, and escalated privileges to gain unfettered access. Cloud users are urged to follow best practices and avoid committing .env files to … Read more