Amazon Web Services

whoAMI attacks give hackers code execution on Amazon EC2 instances

February 16, 2025February 16, 2025 geekfeed0Tagged amazon, Amazon Web Services, attack, AWS, Cloud, Cloud Security, Code Execution

Security researchers discovered a name confusion attack that allows access to an Amazon Web Services account to anyone that publishes an Amazon Machine Image (AMI) with a specific name. Dubbed “whoAMI,” the attack was crafted by DataDog researchers in August 2024, who demonstrated that it’s possible for attackers to gain code execution within AWS accounts by exploiting how […]

4 mins read

Malicious PyPI package with 37,000 downloads steals AWS keys

November 10, 2024November 10, 2024 geekfeed0Tagged Amazon Web Services, Amazon Web Services credentials, AWS, AWS keys, Credential Theft, malicious Python package, PyPI, Python, Python Package Index

A malicious Python package named ‘fabrice’ has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers. According to application security company Socket, the package has been downloaded more than 37,000 times and executes platform-specific scripts for Windows and Linux. The large number of downloads is accounted by fabrice typosquatting the […]

2 mins read

AWS, Azure auth keys found in Android and iOS apps used by millions

October 23, 2024October 23, 2024 geekfeed0Tagged Amazon Web Services, android, apple, AWS, Azure, Cloud, Exposed, ios, iphone, Microsoft Azure, mobile

Multiple popular mobile applications for iOS and Android come with hardcoded, unencrypted credentials for cloud services like Amazon Web Services (AWS) and Microsoft Azure Blob Storage, exposing user data and source code to security breaches. Exposing this type of credentials can easily lead to unauthorized access to storage buckets and databases with sensitive user data. Apart from […]

3 mins read