AWS Cloud Development Kit flaw exposed accounts to full takeover

October 24, 2024 at 06:42PM

Amazon Web Services resolved a critical vulnerability in its Cloud Development Kit (CDK), which allowed potential account hijacking through predictable S3 bucket names. Discovered by Aqua, the flaw affected about 1% of users. AWS has implemented changes in version v2.149.0 to enhance security, requiring user action for older versions.

AWS’s Predictable Bucket Names Make Accounts Easier to Crack

October 24, 2024 at 06:06PM

The AWS Cloud Development Kit (CDK) has a vulnerability due to its predictable S3 bucket naming during deployment, potentially allowing unauthorized access. Researchers from Aqua found this affects about 1% of users. They advise modifying bucket names and emphasize not using predictable patterns to prevent exploitation.

Iranian Crypto Exchange Misstep Exposes User Details

January 8, 2024 at 09:14AM

A misconfigured object storage system at Iranian crypto exchange bit24.cash exposed personal details of 230,000 citizens. Researchers found unprotected and open S3 buckets storing users’ verification documents, including consent letters, passport information, and credit card details. However, bit24.cash said there was no evidence of a breach and confirmed that it had secured the storage instance.