If you needed yet another reminder of what happens when security basics go awry
It's a good news day for organizations that don't leave their AWS environment files publicly exposed because infosec experts say those that do may be caught up in an extensive and sophisticated extortion campaign.
Those in the study who eventually found their S3-stored data replaced with a ransom note had exposed their environment variables, failed to refresh credentials regularly, and didn't adopt a least-privilege architecture. These access keys didn't have the admin privileges the attackers were after, but they did allow for the creation of new IAM roles to which policies could be applied, ultimately allowing them to escalate their privileges to those with unfettered access.
Singapore Latest News, Singapore Headlines
Similar News:You can also read news stories similar to this one that we have collected from other news sources.
AWS 'Bucket Monopoly' attacks could allow complete account takeoverVulnerable services fixed by the cloud biz but open source projects still at risk
Read more »
Open source biz promises to slash bills with observability-as-a-service in the cloudAWS first, others to follow
Read more »
Japan's Fugaku supercomputer released in virtual version that runs in AWSGraviton processors get the job of helping RIKEN achieve HPC world domination
Read more »
Reckless Chinese rocket launch leaves huge cloud of dangerous space junk that ‘poses a significant h...Inside incredible sci-fi plan to blast orbiting space junk with powerful lasers so debris can safely plummet to Earth
Read more »
Team GB Olympics star breaks silence after cheating accusationsJade Jones entered the Olympic Games under a doping controversy cloud
Read more »
Cloud storage lockers from Microsoft and Google used to store and spread state-sponsored malwareWhy run your own evil infrastructure when Big Tech offers robust tools hosted at trusted URLs?
Read more »