Abandoned AWS S3 buckets once used by various software projects, governments, and infrastructure deployment pipelines now pose a security risk.
Researchers have uncovered a critical security weakness in abandoned Amazon Web Services (AWS) S3 buckets that could enable attackers to hijack the global software supply chain. Because a deleted bucket name becomes available again, attackers can re-register these abandoned buckets and serve malicious files to the applications and tools that still fetch from them, potentially leading to remote code execution and other compromises. Researchers from security firm watchTowr identified approximately 150 AWS S3 storage buckets once used by various software projects to host sensitive scripts, configuration files, software updates, and other binary artifacts that were automatically downloaded and executed on user machines. Over a two-month period, the buckets received around 8 million HTTPS requests for a wide range of files. The requests came from IP addresses registered to government agencies in several countries, including the US and the UK, as well as military networks, Fortune 500 companies, payment card networks, industrial product manufacturers, banks and other financial organizations, universities, software vendors, and even cybersecurity companies.
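As an added illustration (not watchTowr's tooling), the check below inventories the S3 buckets a deployment script or config still points at and reports which bucket names no longer exist, i.e. which could be re-registered by anyone. It assumes the standard HTTP semantics of an unauthenticated HEAD on the bucket endpoint (404 for a missing bucket, 200/403/redirect for one that exists) and uses a constructed sample script.

```python
import re
import urllib.error
import urllib.request

# Bucket names in the common S3 URL forms: virtual-hosted
# (bucket.s3.amazonaws.com, bucket.s3.<region>.amazonaws.com) and
# path-style (s3.amazonaws.com/bucket/..., s3.<region>.amazonaws.com/bucket/...).
_NAME = r"([a-z0-9][a-z0-9.-]{1,61}[a-z0-9])"
_VIRTUAL = re.compile(r"https?://" + _NAME + r"\.s3(?:[.-][a-z0-9-]+)*\.amazonaws\.com", re.I)
_PATH = re.compile(r"https?://s3(?:[.-][a-z0-9-]+)*\.amazonaws\.com/" + _NAME, re.I)


def extract_s3_buckets(text: str) -> set[str]:
    """Return every bucket name referenced by an S3 URL in a script or config file."""
    return {m.group(1).lower() for p in (_VIRTUAL, _PATH) for m in p.finditer(text)}


def classify_head_status(status: int) -> str:
    """Map the status of an unauthenticated HEAD on https://<bucket>.s3.amazonaws.com/."""
    if status == 404:
        return "ABSENT"   # name is free: anyone could re-register it and serve files
    if status in (200, 301, 307, 403):
        return "EXISTS"   # owned by someone, not necessarily you: confirm ownership
    return "UNKNOWN"


def check_bucket(name: str, timeout: float = 10.0) -> str:
    """Probe one bucket over the network and classify the result."""
    req = urllib.request.Request(f"https://{name}.s3.amazonaws.com/", method="HEAD")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return classify_head_status(resp.status)
    except urllib.error.HTTPError as err:
        return classify_head_status(err.code)


def audit_references(text: str, prober=check_bucket) -> dict[str, str]:
    """Classify each referenced bucket; `prober` is injectable so tests can run offline."""
    return {b: prober(b) for b in sorted(extract_s3_buckets(text))}


# Constructed sample of the kind of install script the research describes.
SAMPLE_SCRIPT = """#!/bin/sh
curl -sSf https://example-tool-releases.s3.amazonaws.com/install.sh -o /tmp/install.sh
wget https://s3.us-east-1.amazonaws.com/example-config-store/prod/app.conf
"""

if __name__ == "__main__":
    for bucket, state in audit_references(SAMPLE_SCRIPT).items():
        print(f"{bucket}: {state}")
```

Any bucket reported as ABSENT should be removed from the script or re-created under an account you control before an attacker claims the name.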
A new ransomware campaign is exploiting Amazon Web Services' (AWS) Server-Side Encryption with Customer-Provided Keys (SSE-C) to encrypt S3 buckets. The attackers encrypt the victims' objects with keys known only to themselves and demand a ransom for the decryption keys. Because the attack abuses a legitimate AWS feature rather than a flaw, AWS cannot recover the data either, leaving victims unable to restore their files without the attacker-held key. The ransomware crew has been dubbed 'Codefinger'.