AWS
Amazon: Ongoing cryptomining campaign uses hacked AWS accounts
Amazon’s AWS GuardDuty security team is warning of an ongoing crypto-mining campaign that targets its Elastic Compute Cloud (EC2) and Elastic Container Service (ECS) using compromised credentials for Identity and Access Management (IAM). The operation started on November 2nd and employed a persistence mechanism that extended mining operations and hindered incident responders. The threat actor used a Docker […]
Amazon disrupts Russian GRU hackers attacking edge network devices
The Amazon Threat Intelligence team has disrupted active operations attributed to hackers working for the Russian foreign military intelligence agency, the GRU, who targeted customers’ cloud infrastructure. The cloud services provider observed a focus on Western critical infrastructure, especially the energy sector, in activity that started in 2021. Over time, the threat actor pivoted from exploiting […]
Amazon: This week’s AWS outage caused by major DNS failure
Amazon says a major DNS failure was behind a massive AWS (Amazon Web Services) outage that took down many websites and online services on Monday. As GeekFeed reported earlier this week, this incident impacted a critical Northern Virginia data center in the US-EAST-1 region, affecting users worldwide, including the United States and Europe, for over […]
Crimson Collective hackers target AWS cloud instances for data theft
The ‘Crimson Collective’ threat group has been targeting AWS (Amazon Web Services) cloud environments for the past weeks, to steal data and extort companies. The hackers claimed responsibility for the recent Red Hat attack, saying that they exfiltrated 570 GB of data from thousands of private GitLab repositories, and pressured the software company to pay a ransom. Following […]
Amazon disrupts Russian APT29 hackers targeting Microsoft 365
Researchers have disrupted an operation attributed to the Russian state-sponsored threat group Midnight Blizzard, which sought access to Microsoft 365 accounts and data. Also known as APT29, the hacker group compromised websites in a watering hole campaign to redirect selected targets “to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft’s device code […]
Amazon AI coding agent hacked to inject data wiping commands
A hacker planted data wiping code in a version of Amazon’s generative AI-powered assistant, the Q Developer Extension for Visual Studio Code. Amazon Q is a free extension that uses generative AI to help developers code, debug, create documentation, and set up custom configurations. It is available on Microsoft’s Visual Code Studio (VCS) marketplace, where it counts nearly one […]
Hackers abuse Microsoft ClickOnce and AWS services for stealthy attacks
A sophisticated malicious campaign that researchers call OneClik has been leveraging Microsoft’s ClickOnce software deployment tool and custom Golang backdoors to compromise organizations within the energy, oil, and gas sectors. The hackers rely on legitimate AWS cloud services (AWS, Cloudfront, API Gateway, Lambda) to keep the command and control (C2) infrastructure hidden. ClickOnce is a deployment […]
Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials
A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management (IAM) credentials from the IMDSv1 endpoint. Retrieving IAM credentials allows attackers to escalate their privileges and access S3 buckets or control other AWS services, potentially leading to sensitive data exposure, […]
AWS rolls out ML-KEM to secure TLS from quantum threats
Amazon Web Services (AWS) has added support for the ML-KEM post-quantum key encapsulation mechanism to AWS Key Management Service (KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager, making TLS connections more secure. ML-KEM (Module-Lattice-based Key Encapsulation Mechanism) is a post-quantum cryptographic algorithm designed to secure key exchanges from the perceived, yet still theoretical threat of […]
Nearly 12,000 API keys and passwords found in AI training dataset
Close to 12,000 valid secrets that include API keys and passwords have been found in the Common Crawl dataset used for training multiple artificial intelligence models. The Common Crawl non-profit organization maintains a massive open-source repository of petabytes of web data collected since 2008 and is free for anyone to use. Because of the large dataset, many […]