AWS - Security Ticks

Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue

Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue 2024-08-21 at 16:01 By Eduard Kovacs As many as 15,000 applications using AWS Application Load Balancer (ALB) could be exposed to ALBeast attacks. The post Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue appeared first on SecurityWeek. […]

React to this headline:

Thousands of Apps Using AWS ALB Exposed to Attacks Due to Configuration Issue Read More »

Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign

AWS, cloud security, IAM, Malware & Threats, misconfiguration, Palo Alto Networks / SecurityTicks

Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign 2024-08-16 at 17:46 By Ionut Arghire Security researchers at Palo Alto Networks discover a threat actor extorting organizations after compromising their cloud environments using inadvertently exposed environment variables. The post Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign appeared first on SecurityWeek. This

React to this headline:

Cloud Misconfigurations Expose 110,000 Domains to Extortion in Widespread Campaign Read More »

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom

AWS, cloud security, credentials, data theft, Don't miss, extortion, Hot stuff, misconfiguration, News, Palo Alto Networks / SecurityTicks

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom 2024-08-15 at 17:16 By Zeljka Zorz Cybercriminals are breaking into organizations’ cloud storage containers, exfiltrating their sensitive data and, in several cases, have been paid off by the victim organizations to not leak or sell the stolen data. “The attackers

React to this headline:

Hide yo environment files! Or risk getting your cloud-stored data stolen and held for ransom Read More »

Scout Suite: Open-source cloud security auditing tool

Alibaba Cloud, auditing, AWS, Azure, cloud security, Don't miss, GitHub, Google Cloud, Hot stuff, NCC Group, News, open source, software / SecurityTicks

Scout Suite: Open-source cloud security auditing tool 2024-08-12 at 07:31 By Help Net Security Scout Suite is an open-source, multi-cloud security auditing tool designed to assess the security posture of cloud environments. By leveraging the APIs provided by cloud vendors, Scout Suite collects and organizes configuration data, making it easier to identify potential risks. Instead

React to this headline:

Scout Suite: Open-source cloud security auditing tool Read More »

AWS Patches Vulnerabilities Potentially Allowing Account Takeovers

Account Takeover, AWS, Cloud, cloud security / SecurityTicks

AWS Patches Vulnerabilities Potentially Allowing Account Takeovers 2024-08-08 at 13:31 By Eduard Kovacs AWS has patched vulnerabilities in several products, including flaws that could have been exploited to take over accounts. The post AWS Patches Vulnerabilities Potentially Allowing Account Takeovers appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original

React to this headline:

AWS Patches Vulnerabilities Potentially Allowing Account Takeovers Read More »

AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious Domains

Artificial Intelligence, AWS, cloud security, Honeypot, MadPot, Mithra, Threat Intelligence / SecurityTicks

AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious Domains 2024-08-06 at 00:01 By Ryan Naraine AWS says a massive neural network graph model with 3.5 billion nodes and 48 billion edges is speeding up the prediction and detection of malicious domains. The post AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious

React to this headline:

AWS Deploying ‘Mithra’ Neural Network to Predict and Block Malicious Domains Read More »

AWS Announces Authentication and Malware Protection Enhancements

AWS, cloud security / SecurityTicks

AWS Announces Authentication and Malware Protection Enhancements 2024-06-14 at 10:01 By Eduard Kovacs AWS announced passkey MFA for IAM and root users, IAM Access Analyzer updates, and Amazon GuardDuty Malware Protection for S3. The post AWS Announces Authentication and Malware Protection Enhancements appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

AWS Announces Authentication and Malware Protection Enhancements Read More »

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)

AWS, Cisco, cloud computing, Don't miss, Google Cloud, Hot stuff, Intel, logging, News, open source, Sumo Logic, Tenable, Trend Micro, VMWare, vulnerability / SecurityTicks

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323) 2024-05-21 at 14:31 By Zeljka Zorz Tenable researchers have discovered a critical vulnerability (CVE-2024-4323) in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be leveraged for denial of service, information disclosure, or remote code execution. About

React to this headline:

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323) Read More »

Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity

AWS, cloud security, Don't miss, GitHub, Hot stuff, News, Permiso, software / SecurityTicks

Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity 2024-04-22 at 07:32 By Mirko Zorz Cloud Console Cartographer is an open-source tool that maps noisy log activity into highly consolidated, succinct events to help security practitioners cut through the noise and understand console behavior in their environment. “Infrastructure as code has replaced a

React to this headline:

Cloud Console Cartographer: Open-source tool helps security teams transcribe log activity Read More »

Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks

AWS, cloud security, DDoS, Featured, Network Security / SecurityTicks

Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks 2024-04-11 at 17:46 By Kevin Townsend SecurityWeek speaks to Tom Scholl, VP and distinguished engineer at AWS, on how the organization tackles IP Spoofing and DDoS attacks. The post Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks appeared first on SecurityWeek. This article is an

React to this headline:

Inside AWS’s Crusade Against IP Spoofing and DDoS Attacks Read More »

Amazon takes minority share in ChatGPT rival Anthropic AI

AI chatbot, Amazon, Anthropic AI, AWS, Claude, investment / SecurityTicks

Amazon takes minority share in ChatGPT rival Anthropic AI 2024-03-28 at 10:02 By Cointelegraph by Savannah Fortis Amazon has fulfilled its $4 billion investment commitment to AI startup Anthropic, announcing a minority ownership stake in the company and Amazon Web Services (AWS) as its cloud service provider. This article is an excerpt from Cointelegraph.com News

React to this headline:

Amazon takes minority share in ChatGPT rival Anthropic AI Read More »

CloudGrappler: Open-source tool detects activity in cloud environments

AWS, Azure, Cado Security, cloud security, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, Permiso, software / SecurityTicks

CloudGrappler: Open-source tool detects activity in cloud environments 2024-03-11 at 09:07 By Mirko Zorz CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security’s cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques, and

React to this headline:

CloudGrappler: Open-source tool detects activity in cloud environments Read More »

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure

AWS, cybersecurity, database security, Don't miss, GitHub, Hot stuff, News, open source, software / SecurityTicks

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure 2024-02-07 at 07:31 By Mirko Zorz Prowler is an open-source security tool designed to assess, audit, and enhance the security of AWS, GCP, and Azure. It’s also equipped for incident response, continuous monitoring, hardening, and forensics preparation. Details The tool includes hundreds of controls that

React to this headline:

Prowler: Open-source security tool for AWS, Google Cloud Platform, Azure Read More »

Researchers discover exposed API secrets, impacting major tech tokens

API security, AWS, cybersecurity, Data leak, Escape, GitHub, News, Slack, Stripe / SecurityTicks

Researchers discover exposed API secrets, impacting major tech tokens 2024-02-05 at 07:33 By Help Net Security Escape’s security research team scanned 189.5 million URLs and found more than 18,000 exposed API secrets. 41% of exposed secrets were highly critical, i.e. could lead to financial risks for the organizations. Exposed API secrets The exposed secrets include

React to this headline:

Researchers discover exposed API secrets, impacting major tech tokens Read More »

CloudFoxable: Open-source AWS penetration testing playground

AWS, Bishop Fox, cybersecurity, News, penetration testing, research, skill development, software / SecurityTicks

CloudFoxable: Open-source AWS penetration testing playground 2024-01-22 at 07:02 By Mirko Zorz CloudFoxable is a capture-the-flag (CTF) style learning platform you can deploy to your playground AWS account. It primarily targets current penetration testers seeking to learn exploitation of cloud-native attack paths, and cloud security experts aiming to practice offensive security techniques safely. “What makes

React to this headline:

CloudFoxable: Open-source AWS penetration testing playground Read More »

Researchers Flag FBot Hacking Tool Hijacking Cloud, Payment Services

AWS, cybercrime, Fbot, Fraud & Identity Theft, PayPal, SentinelLabs / SecurityTicks

Researchers Flag FBot Hacking Tool Hijacking Cloud, Payment Services 2024-01-11 at 23:01 By Ryan Naraine The tool, called FBot, is capable of credential harvesting for spamming attacks, and AWS, PayPal and SaaS account hijacking. The post Researchers Flag FBot Hacking Tool Hijacking Cloud, Payment Services appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Researchers Flag FBot Hacking Tool Hijacking Cloud, Payment Services Read More »

5 free generative AI courses you can take right now

AWS, Don't miss, generative AI, Google, Ingram Micro, News, skill development / SecurityTicks

5 free generative AI courses you can take right now 2023-12-27 at 07:01 By Help Net Security Generative AI (GenAI) is a form of artificial intelligence technology focused on generating new content. This can include text, images, audio, and other media types. It’s a rapidly evolving field with significant implications in various industries, technology, and

React to this headline:

5 free generative AI courses you can take right now Read More »

1Kosmos partners with AWS to offer MFA for customer use cases

1Kosmos, Amazon, AWS, Industry news / SecurityTicks

1Kosmos partners with AWS to offer MFA for customer use cases 07/12/2023 at 14:31 By Industry News 1Kosmos announced it has completed the integration of its 1Kosmos BlockID platform with Amazon Cognito. As an AWS Advanced Technology Partner, 1Kosmos enables Amazon customers to seamlessly add passwordless multi-factor authentication (MFA) to their customer-facing web and mobile

React to this headline:

1Kosmos partners with AWS to offer MFA for customer use cases Read More »

Business metrics for Cisco Cloud Observability capability enables customers to protect revenue

AWS, Cisco, Industry news / SecurityTicks

Business metrics for Cisco Cloud Observability capability enables customers to protect revenue 29/11/2023 at 15:02 By Industry News Cisco announced new business metrics in Cisco Cloud Observability. Powered by the Cisco Observability Platform to enhance business context for modern applications running on AWS. This latest release also supports integration with AWS services and application performance

React to this headline:

Business metrics for Cisco Cloud Observability capability enables customers to protect revenue Read More »

Amazon One Enterprise Enables Palm-Based Access to Physical Locations, Digital Assets

access, AWS, Cloud, cloud security, IAM, Identity & Access / SecurityTicks

Amazon One Enterprise Enables Palm-Based Access to Physical Locations, Digital Assets 28/11/2023 at 17:17 By Eduard Kovacs AWS announces Amazon One Enterprise, a palm-based identity service that enables users to easily access physical locations and digital assets. The post Amazon One Enterprise Enables Palm-Based Access to Physical Locations, Digital Assets appeared first on SecurityWeek. This

React to this headline:

Amazon One Enterprise Enables Palm-Based Access to Physical Locations, Digital Assets Read More »