AWS

Pierluigi Paganini November 28, 2022
Experts found a vulnerability in AWS AppSync

Amazon Web Services (AWS) fixed a cross-tenant vulnerability that could have allowed attackers to gain unauthorized access to resources. Amazon Web Services (AWS) has addressed a cross-tenant confused deputy problem in its platform that could have allowed threat actors to gain unauthorized access to resources. The problem was reported to the company by researchers from […]

Pierluigi Paganini April 10, 2021
This man was planning to kill 70% of Internet in a bomb attack against AWS

The FBI arrested a man for allegedly planning a bomb attack against Amazon Web Services (AWS) to kill about 70% of the internet. The FBI arrested Seth Aaron Pendley (28), from Texas, for allegedly planning to launch a bomb attack against Amazon Web Services (AWS) data center on Smith Switch Road in Ashburn, Virginia. The […]

Pierluigi Paganini January 10, 2021
TeamTNT botnet now steals Docker API and AWS credentials

Researchers from Trend Micro discovered that the TeamTNT botnet is now able to steal Docker API logins along with AWS credentials. Researchers from Trend Micro discovered that the TeamTNT botnet was improved and is now able to steal also Docker credentials. The TeamTNT botnet is a crypto-mining malware operation that has been active since April […]

Pierluigi Paganini October 25, 2019
DDoS Attack on Amazon Web Services caused intermittently outage

This week Amazon Web Services (AWS) suffered a major distributed denial-of-service (DDoS) attack that made it unavailable for some customers. This week, threat actors launched a massive DDoS attack against Amazon Web Services (AWS) causing the inability of some customers to access their AWS S3 buckets. Users were intermittently unable to access online services relying […]

Pierluigi Paganini July 13, 2019
Magecart group infected over 17,000 domains via unprotected AWS S3 Buckets

The Magecart continues to target websites worldwide, it infected over 17,000 domains by targeting improperly secured Amazon S3 buckets.  The Magecart gang made the headlines again, according to a new report published by RiskIQ, it has infected over 17,000 domains by targeting improperly secured Amazon S3 buckets.  A few days ago, security experts at Sanguine Security have […]

Pierluigi Paganini June 29, 2019
Attunity data leak: Netflix, Ford, TD Bank data exposed by Open AWS Buckets

Attunity data integration and big data management firm exposed a significant amount of sensitive data through unprotected Amazon S3 buckets. Data integration and big data management firm Attunity exposed a significant amount of sensitive data through unprotected Amazon S3 buckets. The company, owned by Qlik, provides solutions to over 2,000 enterprises and half of the […]

Pierluigi Paganini May 03, 2019
Ladders Database Exposed 13M User Records

Employment-recruitment site Ladders exposed 13M User Records Employment-recruitment site Ladders exposed left online a misconfigured AWS-hosted database that contained 13 million user records. Sanyam Jain, a security researcher and a member of the GDI Foundation, discovered a database belonging to the employment-recruitment site Ladders left exposed online on a misconfigured AWS-hosted database. The archive contained 13 […]

Pierluigi Paganini August 12, 2018
Unsecured AWS S3 Bucket exposed sensitive data on 31,000 GoDaddy servers

UpGuard discovered an unsecured GoDaddy’s Amazon S3 bucket containing sensitive information related to more than 31,000 GoDaddy systems. Experts at cybersecurity firm UpGuard have reported that another big company was victim of a data leak, it is the domain name registrar and web hosting company GoDaddy. The popular UpGuard’s risk analyst Chris Vickery discovered an unsecured […]

Pierluigi Paganini April 15, 2018
TrueMove H, the biggest 4G mobile operator in Thailand suffered a data leak

TrueMove H, the biggest 4G mobile operator in Thailand suffered a data leak, 46000 people’s data store on an AWS bucked were left on accessible online, including driving licenses and passports. Let’s speak about a new data breach, this time the victim is TrueMove H, the biggest 4G mobile operator in Thailand. The operator exposed online […]

Pierluigi Paganini January 15, 2018
Spectre/Meltdown patches had a significant impact on SolarWinds’s AWS infrastructure

Analysis conducted by SolarWinds on the impact on the performance of the Spectre/Meltdown patches on its own Amazon Web Services infrastructure revealed serious performance degradation. SolarWinds, the vendor of IT Management Software & Monitoring Tools, has analyzed the impact on the performance of Meltdown and Spectre security patches on its own Amazon Web Services infrastructure. The […]