GIGAZINE

Vulnerabilities discovered in six AWS services that allow accounts to be hijacked through the automatic creation of S3 buckets

At the world's largest security event, Black Hat USA 2024, a research team from Aqua Security announced that six AWS services had critical vulnerabilities that could lead to account hijacking, remote ...
Dark Reading

AWS's Predictable Bucket Names Make Accounts Easier to Crack

The Amazon Web Services Cloud Development Kit (CDK), a popular open source tool, allows cyber teams to conveniently build software-defined cloud infrastructure with widely used programming languages, ...
Dark Reading

Critical AWS Vulnerabilities Allow S3 Attack Bonanza

BLACK HAT USA – Las Vegas – Thursday, Aug. 8 – Six critical vulnerabilities in Amazon Web Services (AWS) could have allowed threat actors to target organizations with remote code execution (RCE), ...
Business Wire

CyberArk Launches Secrets Hub for AWS Secrets Manager

BOSTON--(BUSINESS WIRE)--CyberArk Impact 2022–CyberArk (NASDAQ: CYBR), the global leader in Identity Security, today announced CyberArk Secrets Hub, a new Software-as-a-Service (SaaS) solution.
CSOonline

whoAMI name confusion attacks can expose AWS accounts to malicious code execution

Thousands of active AWS accounts are vulnerable to a cloud image name confusion attack that could allow attackers to execute codes within those accounts. According to DataDog research, vulnerable ...
Virtualization Review

AWS Changes to Account Access Key Management Imminent

Amazon Web Services customers will no longer have the ability to retrieve keys to their root accounts effective April 21. While Amazon announced the pending change last summer, it issued a reminder ...