19 Apr, 2026

Amazon AI coding agent hacked to inject data wiping commands

A hacker planted data wiping code in a version of Amazon’s generative AI-powered assistant, the Q Developer Extension for Visual Studio Code. Amazon Q is a free extension that uses generative AI to help developers code, debug, create documentation, and set up custom configurations. It is available on Microsoft’s Visual Code Studio (VCS) marketplace, where it counts nearly one […]

3 mins read

Ring denies breach after users report suspicious logins

Ring is warning that a backend update bug is responsible for customers seeing a surge in unauthorized devices logged into their account on May 28th. On May 28th, many Ring customers reported seeing unusual devices logged into their accounts from various locations worldwide, leading them to believe their accounts had been hacked. Last week, Ring […]

4 mins read

Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials

A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management (IAM) credentials from the IMDSv1 endpoint. Retrieving IAM credentials allows attackers to escalate their privileges and access S3 buckets or control other AWS services, potentially leading to sensitive data exposure, […]

2 mins read

AWS rolls out ML-KEM to secure TLS from quantum threats

Amazon Web Services (AWS) has added support for the ML-KEM post-quantum key encapsulation mechanism to AWS Key Management Service (KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager, making TLS connections more secure. ML-KEM (Module-Lattice-based Key Encapsulation Mechanism) is a post-quantum cryptographic algorithm designed to secure key exchanges from the perceived, yet still theoretical threat of […]

2 mins read

Hijacked Microsoft web domain injects spam into SharePoint servers

The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. Microsoft Stream is an enterprise video streaming service that allows organizations to upload and share videos in Microsoft 365 apps, such as Teams and […]

3 mins read

Click Profit blocked by the FTC over alleged e-commerce scams

The US Federal Trade Commission (FTC) has taken action against the “Click Profit” business opportunity platform for allegedly earning $14 million while deceiving consumers with false promises of guaranteed passive income through online stores. Click Profit is an online business platform promoted on social media and through websites that claims to help consumers generate passive income […]

3 mins read

whoAMI attacks give hackers code execution on Amazon EC2 instances

Security researchers discovered a name confusion attack that allows access to an Amazon Web Services account to anyone that publishes an Amazon Machine Image (AMI) with a specific name. Dubbed “whoAMI,” the attack was crafted by DataDog researchers in August 2024, who demonstrated that it’s possible for attackers to gain code execution within AWS accounts by exploiting how […]

4 mins read

Amazon Redshift gets new default settings to prevent data breaches

Amazon has announced key security enhancements for Redshift, a popular data warehousing solution, to help prevent data exposures due to misconfigurations and insecure default settings. Redshift is widely used by enterprises for business intelligence and big data analytics for data warehousing, competing with Google BigQuery, Snowflake, and Azure Synapse Analytics. It’s valued for its petabyte-scale […]

2 mins read

Ransomware abuses Amazon AWS feature to encrypt S3 buckets

A new ransomware campaign encrypts Amazon S3 buckets using AWS’s Server-Side Encryption with Customer Provided Keys (SSE-C) known only to the threat actor, demanding ransoms to receive the decryption key. The campaign was discovered by Halcyon, who reported that a threat actor named “Codefinger” had encrypted at least two victims. However, the operation could escalate or the […]

4 mins read

Android malware found on Amazon Appstore disguised as health app

A malicious Android spyware application named ‘BMI CalculationVsn’ was discovered on the Amazon Appstore, masquerading as a simple health tool but stealing data from infected devices in the background. The application was discovered by McAfee Labs researchers, who notified Amazon, leading to the application being removed from the store. However, those who installed the app must manually […]

2 mins read