A new ransomware campaign encrypts Amazon S3 buckets using AWS's Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the ...

Researchers from Halycon recently observed multiple victims, all AWS native software developers, being attacked this way. In the attack, the group, dubbed Codefinger, accessed their victims ...

In a separate study by Rhino Labs, where it tested 10,000 AWS S3 buckets used by Alexa top 10,000 sites, found 107 S3 buckets (1.1 percent) were misconfigured. Solving the problem is easy.

Vickery discovered the unsecured buckets on Sept. 17, finding the databases contained confidential API data, customer information and certificates. The largest exposed server contained more than 137 ...

Attackers can gain access to AWS accounts or sensitive data by creating in advance S3 storage buckets with predictable names that will be automatically used by various services and tools.

Advice to protect S3 buckets. There are, however, a few things AWS customers’ IT administrators can do: use the Condition element in IAM (identity and access management) policies to prevent the ...

AWS S3 buckets are secure by default, so in the absence of a targeted attack by a cyber criminal, which cannot necessarily be ruled out in this instance, their contents can only be revealed ...

Researchers from Halycon recently observed multiple victims, all AWS native software developers, being attacked this way. In the attack, the group, dubbed Codefinger, accessed their victims ...