Dark Reading

Critical AWS Vulnerabilities Allow S3 Attack Bonanza

BLACK HAT USA – Las Vegas – Thursday, Aug. 8 – Six critical vulnerabilities in Amazon Web Services (AWS) could have allowed threat actors to target organizations with remote code execution (RCE), ...
Threat Post

Experts Warn Too Often AWS S3 Buckets Are Misconfigured, Leak Data

An analysis of Amazon Web Services storage containers reveals troubling trend of misconfigured S3 buckets that leak data. Reasons why this keeps on happening vary. But, Detectify Labs believes many ...
heise online

AWS S3: Account Regional Namespaces End Bucket Squatting

Amazon Web Services (AWS) has introduced Account Regional Namespaces for Amazon S3 General Purpose Buckets. This allows customers to create bucket names in a reserved namespace per account and region ...
CSOonline

Abandoned AWS S3 buckets open door to remote code execution, supply-chain compromises

Attackers re-register abandoned AWS S3 buckets filled with malicious files that are executed by applications looking for these buckets. Code references to nonexistent cloud assets continue to pose ...
CSOonline

What are Amazon Zelkova and Tiros? AWS looks to reduce S3 configuration errors

To help reduce the chance of AWS S3 configuration errors, Amazon is working on two new tools – Zelkova and Tiros – to provide greater clarity around who has access to your data and resources and what ...