Ars Technica

AWS S3 storage bucket with unlucky name nearly cost developer $1,300

If you’re using Amazon Web Services and your S3 storage bucket can be reached from the open web, you’d do well not to pick a generic name for that space. Avoid “example,” skip “change_me,” don’t even ...
Dark Reading

Critical AWS Vulnerabilities Allow S3 Attack Bonanza

BLACK HAT USA – Las Vegas – Thursday, Aug. 8 – Six critical vulnerabilities in Amazon Web Services (AWS) could have allowed threat actors to target organizations with remote code execution (RCE), ...
Dark Reading

AWS's Predictable Bucket Names Make Accounts Easier to Crack

The Amazon Web Services Cloud Development Kit (CDK), a popular open source tool, allows cyber teams to conveniently build software-defined cloud infrastructure with widely used programming languages, ...
CRN

Amazon Security Chief On Stopping 2.7 Trillion EC2 Attacks, 28 Billion S3 Storage Attempts

Amazon CISO CJ Moses explains how Amazon’s honeypot system Madpot and Amazon Web Services’ active defense tool Sonaris are stopping trillions of cyberattacks on Amazon EC2 and S3 storage buckets.
TechRadar

AWS S3 feature abused by ransomware hackers to encrypt storage buckets

Attackers access storage buckets with exposed AWS keys The files are then encrypted and scheduled for deletion after a week Halycon says it observed at least two victims being attacked this way ...
CSOonline

Ransomware gangs seize a new hostage: your AWS S3 buckets

Attackers are moving beyond on-prem systems and now using AWS’s own encryption and key management features to lock organizations out of their cloud data. Ransomware operators are shifting their focus ...