Business Insider

Lightspin Research Team Discovers Cross-Account Attack Path Leveraging Dangerous S3 Bucket Permissions on AWS

Hackers can achieve public write access to write files to protected S3 buckets and store data at a victim's expense TEL AVIV, Israel, June 3, 2021 /PRNewswire/ -- Lightspin, a pioneer in contextual ...
Dark Reading

Abandoned AWS Cloud Storage: A Major Cyberattack Vector

Abandoned cloud storage buckets present a major, but largely overlooked, threat to Internet security, new research has shown. The risks arise when bad actors discover and re-register these neglected ...
Dark Reading

AWS's Predictable Bucket Names Make Accounts Easier to Crack

The Amazon Web Services Cloud Development Kit (CDK), a popular open source tool, allows cyber teams to conveniently build software-defined cloud infrastructure with widely used programming languages, ...
Bleeping Computer

Amazon S3 will now encrypt all new data with AES-256 by default

Amazon Simple Storage Service (S3) will now automatically encrypt all new objects added on buckets on the server side, using AES-256 by default. While the server-side encryption system has been ...
Bleeping Computer

2% of Amazon S3 Public Buckets Aren't Write-Protected, Exposed to Ransom Attacks

New research published on Monday reveals that 5.8% of all Amazon S3 buckets are publicly readable, while 2% are publicly writeable —with the latter allowing anyone to add, edit, or delete data, and ...