AWS

The shocking speed of AWS key exploitation

The shocking speed of AWS key exploitation 2024-12-02 at 21:19 By Zeljka Zorz It’s no secret that developers often inadvertently expose AWS access keys online and we know that these keys are being scraped and misused by attackers before organizations get a chance to revoke them. Clutch Security researchers performed a test to see just […]

React to this headline:

Loading spinner

The shocking speed of AWS key exploitation Read More »

AWS offers incident response service

AWS offers incident response service 2024-12-02 at 14:15 By Zeljka Zorz Amazon Web Services (AWS) has launched a new service to help organizations prepare for and recover from ransomware attacks, account takeovers, data breaches, and other security events: AWS Security Incident Response (SIR). Creating a case (Source: AWS) AWS Security Incident Response explained “Security events

React to this headline:

Loading spinner

AWS offers incident response service Read More »

Deploy a SOC using Kali Linux in AWS

Deploy a SOC using Kali Linux in AWS 2024-11-25 at 07:04 By Mirko Zorz The Kali SOC in AWS project enables the deployment of a Security Operations Center (SOC) in AWS, utilizing the Kali Linux toolset for purple team activities. This environment is ideal for honing skills in security operations, threat detection, incident response, and

React to this headline:

Loading spinner

Deploy a SOC using Kali Linux in AWS Read More »

AWS security essentials for managing compliance, data protection, and threat detection

AWS security essentials for managing compliance, data protection, and threat detection 2024-11-07 at 07:03 By Help Net Security AWS offers a comprehensive suite of security tools to help organizations manage compliance, protect sensitive data, and detect threats within their environments. From AWS Security Hub and Amazon GuardDuty to Amazon Macie and AWS Config, each tool

React to this headline:

Loading spinner

AWS security essentials for managing compliance, data protection, and threat detection Read More »

Whispr: Open-source multi-vault secret injection tool

Whispr: Open-source multi-vault secret injection tool 2024-11-04 at 07:03 By Mirko Zorz Whispr is an open-source CLI tool designed to securely inject secrets from secret vaults, such as AWS Secrets Manager and Azure Key Vault, directly into your application’s environment. This enhances secure local software development by seamlessly managing sensitive information. Whispr key features Safe

React to this headline:

Loading spinner

Whispr: Open-source multi-vault secret injection tool Read More »

The Cloud Latency Map measures latency across 100+ cloud regions

The Cloud Latency Map measures latency across 100+ cloud regions 2024-10-29 at 16:03 By Industry News Kentik launched The Cloud Latency Map, a free public tool allowing anyone to explore the latencies measured between over 100 cloud regions worldwide. Users can identify recent changes in latencies globally between various public clouds and data center regions

React to this headline:

Loading spinner

The Cloud Latency Map measures latency across 100+ cloud regions Read More »

Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue

Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue 2024-08-21 at 16:01 By Eduard Kovacs As many as 15,000 applications using AWS Application Load Balancer (ALB) could be exposed to ALBeast attacks.  The post Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue appeared first on SecurityWeek.

React to this headline:

Loading spinner

Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue Read More »

Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign

Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign 2024-08-16 at 17:46 By Ionut Arghire Security researchers at Palo Alto Networks discover a threat actor extorting organizations after compromising their cloud environments using inadvertently exposed environment variables. The post Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign appeared first on SecurityWeek. This

React to this headline:

Loading spinner

Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign Read More »

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom 2024-08-15 at 17:16 By Zeljka Zorz Cybercriminals are breaking into organizations’ cloud storage containers, exfiltrating their sensitive data and, in several cases, have been paid off by the victim organizations to not leak or sell the stolen data. “The attackers

React to this headline:

Loading spinner

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom Read More »

Scout Suite: Open-source cloud security auditing tool

Scout Suite: Open-source cloud security auditing tool 2024-08-12 at 07:31 By Help Net Security Scout Suite is an open-source, multi-cloud security auditing tool designed to assess the security posture of cloud environments. By leveraging the APIs provided by cloud vendors, Scout Suite collects and organizes configuration data, making it easier to identify potential risks. Instead

React to this headline:

Loading spinner

Scout Suite: Open-source cloud security auditing tool Read More »

AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious Domains

AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious Domains 2024-08-06 at 00:01 By Ryan Naraine AWS says a massive neural network graph model with 3.5 billion nodes and 48 billion edges is speeding up the prediction and detection of malicious domains. The post AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious

React to this headline:

Loading spinner

AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious Domains Read More »

AWS Announces Authentication and Malware Protection Enhancements

AWS Announces Authentication and Malware Protection Enhancements 2024-06-14 at 10:01 By Eduard Kovacs AWS announced passkey MFA for IAM and root users, IAM Access Analyzer updates, and Amazon GuardDuty Malware Protection for S3. The post AWS Announces Authentication and Malware Protection Enhancements appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

AWS Announces Authentication and Malware Protection Enhancements Read More »

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323) 2024-05-21 at 14:31 By Zeljka Zorz Tenable researchers have discovered a critical vulnerability (CVE-2024-4323) in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be leveraged for denial of service, information disclosure, or remote code execution. About

React to this headline:

Loading spinner

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323) Read More »

Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity

Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity 2024-04-22 at 07:32 By Mirko Zorz Cloud Console Cartographer is an open-source tool that maps noisy log activity into highly consolidated, succinct events to help security practitioners cut through the noise and understand console behavior in their environment. “Infrastructure as code has replaced a

React to this headline:

Loading spinner

Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity Read More »

Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks

Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks 2024-04-11 at 17:46 By Kevin Townsend SecurityWeek speaks to Tom Scholl, VP and distinguished engineer at AWS, on how the organization tackles IP Spoofing and DDoS attacks. The post Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks Read More »

Amazon takes minority share in ChatGPT rival Anthropic AI

Amazon takes minority share in ChatGPT rival Anthropic AI 2024-03-28 at 10:02 By Cointelegraph by Savannah Fortis Amazon has fulfilled its $4 billion investment commitment to AI startup Anthropic, announcing a minority ownership stake in the company and Amazon Web Services (AWS) as its cloud service provider. This article is an excerpt from Cointelegraph.com News

React to this headline:

Loading spinner

Amazon takes minority share in ChatGPT rival Anthropic AI Read More »

CloudGrappler: Open-source tool detects activity in cloud environments

CloudGrappler: Open-source tool detects activity in cloud environments 2024-03-11 at 09:07 By Mirko Zorz CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security’s cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques, and

React to this headline:

Loading spinner

CloudGrappler: Open-source tool detects activity in cloud environments Read More »

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure 2024-02-07 at 07:31 By Mirko Zorz Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. It’s also equipped for incident response, continuous monitoring, hardening, and forensics preparation. Details The tool includes hundreds of controls that

React to this headline:

Loading spinner

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure Read More »

Researchers discover exposed API secrets, impacting major tech tokens

Researchers discover exposed API secrets, impacting major tech tokens 2024-02-05 at 07:33 By Help Net Security Escape’s security research team scanned 189.5 million URLs and found more than 18,000 exposed API secrets. 41% of exposed secrets were highly critical, i.e. could lead to financial risks for the organizations. Exposed API secrets The exposed secrets include

React to this headline:

Loading spinner

Researchers discover exposed API secrets, impacting major tech tokens Read More »

Scroll to Top