FlagThis

A new ransomware campaign is exploiting Amazon Web Services’ (AWS) Server-Side Encryption with Customer Provided Keys (SSE-C) to encrypt S3 buckets. The attackers use encryption keys unknown to the victims and demand ransoms for the decryption keys. This attack abuses a legitimate AWS feature, creating a very difficult situation for its victims who cannot recover their data without the decryption key. The ransomware crew has been dubbed ‘Codefinger’.

A fake BMI calculator app, ‘BMI CalculationVsn,’ on the Amazon Appstore was stealing user data. The app has been removed from the store after the report by McAfee. Users who installed the app should manually uninstall it.

Amazon is facing scrutiny from the US House Select Committee on China regarding its growing partnership with TikTok. The Committee summoned Amazon staffers in September to discuss concerns about the partnership, particularly in light of TikTok’s Chinese ownership. This development highlights increasing concerns about the potential security risks associated with TikTok and its access to user data. The Committee’s investigation raises questions about the potential for TikTok to be used as a tool for Chinese government espionage or influence operations. The investigation underscores the growing global tension surrounding data security and the potential for tech companies with ties to foreign governments to be used for nefarious purposes.