Honeypot Surprise: Researchers Catch Attackers Exposing 15,000 Stolen Credentials in S3 Bucket

October 31, 2024 at 08:37AM

Sysdig researchers discovered a misconfigured S3 bucket linked to EmeraldWhale, revealing 1.5 terabytes of stolen credentials and scripts. This incident led to the exposure of 15,000 stolen credentials, highlighting significant security vulnerabilities.

### Meeting Notes Summary:

1. **Incident Detected**: Sysdig researchers identified a significant misconfiguration in an S3 bucket linked …

AWS Cloud Development Kit Vulnerability Exposes Users to Potential Account Takeover Risks

October 24, 2024 at 10:06AM

Cybersecurity researchers revealed a vulnerability in the AWS Cloud Development Kit that could allow account takeover. The flaw, linked to predictable S3 bucket names, could enable attackers to manipulate CloudFormation templates. AWS addressed this in July 2024, advising users to customize naming patterns to enhance security.

AWS Patches Vulnerabilities Potentially Allowing Account Takeovers

August 8, 2024 at 06:30AM

AWS recently addressed potentially critical vulnerabilities, including flaws that could have allowed attackers to take over accounts, disclosed by Aqua Security at Black Hat. The security holes could have enabled arbitrary code execution, account control, data exposure, DoS attacks, data exfiltration, and AI model manipulation in AWS services such as …