Security
Headlines
HeadlinesLatestCVEs

Tag

#aws

'TruffleNet' Attack Wields Stolen Credentials Against AWS

Reconnaissance and BEC are among the malicious activities attackers commit after compromising cloud accounts, using a framework based on the TruffleHog tool.

DARKReading
Open in Source
#aws
GHSA-f556-49jc-4rvc: Ansible does not collect garbage after playbook run

A flaw was found in Ansible Base when using the aws_ssm connection plugin as its garbage collector is not happening after the playbook run is completed. Files would remain in the bucket exposing the data. This issue directly affects data confidentiality.

Microsoft Outage Hits Azure, 365, Xbox, Minecraft and More

A major Microsoft outage has disrupted Azure, Microsoft 365, Xbox, and Minecraft worldwide after a configuration failure, with services now gradually recovering.

The Microsoft Azure Outage Shows the Harsh Reality of Cloud Failures

The second major cloud outage in less than two weeks, Azure’s downtime highlights the “brittleness” of a digital ecosystem that depends on a few companies never making mistakes.

Experts Reports Sharp Increase in Automated Botnet Attacks Targeting PHP Servers and IoT Devices

Cybersecurity researchers are calling attention to a spike in automated attacks targeting PHP servers, IoT devices, and cloud gateways by various botnets such as Mirai, Gafgyt, and Mozi. "These automated campaigns exploit known CVE vulnerabilities and cloud misconfigurations to gain control over exposed systems and expand botnet networks," the Qualys Threat Research Unit (TRU) said in a report

Researchers Expose GhostCall and GhostHire: BlueNoroff's New Malware Chains

Threat actors tied to North Korea have been observed targeting the Web3 and blockchain sectors as part of twin campaigns tracked as GhostCall and GhostHire. According to Kaspersky, the campaigns are part of a broader operation called SnatchCrypto that has been underway since at least 2017. The activity is attributed to a Lazarus Group sub-cluster called BlueNoroff, which is also known as APT38,

Advanced Serverless Security: Zero Trust Implementation with AI-Powered Threat Detection

Serverless architectures have fundamentally altered the cybersecurity landscape, creating attack vectors that traditional security models cannot address. After…

Amazon Explains How Its AWS Outage Took Down the Web

Plus: The Jaguar Land Rover hack sets an expensive new record, OpenAI’s new Atlas browser raises security fears, Starlink cuts off scam compounds, and more.

GHSA-9g4h-h484-3578: HashiCorp Vault and Vault Enterprise's AWS Auth method may be susceptible to authentication bypass

Vault and Vault Enterprise's ("Vault") AWS Auth method may be susceptible to authentication bypass if the role of the configured bound_principal_iam is the same across AWS accounts, or uses a wildcard. This vulnerability is fixed in Vault Community Edition 1.21.0 and Vault Enterprise 1.21.0, 1.20.5, 1.19.11, and 1.16.27.

GHSA-jp7h-4f3c-9rc7: OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method

### Impact This is a cross-account impersonation vulnerability in the `auth-aws` plugin. The vulnerability allows an IAM role from an untrusted AWS account to authenticate by impersonating a role with the **same name** in a trusted account, leading to unauthorized access. This impacts all users of the `auth-aws` plugin who operate in a multi-account AWS environment where IAM role names may not be unique across accounts. The core of the vulnerability is a flawed caching mechanism that fails to validate the AWS Account ID during authentication. While the use of wildcards in a `bound_iam_principal_arn configuration` significantly increases the attack surface, **wildcards are not a prerequisite for exploitation**. The vulnerability can be exploited with specific ARN bindings if a role name collision occurs. Successful exploitation can lead to unauthorized access to secrets, data exfiltration, and privilege escalation. Given that the only prerequisite is a duplicate role name, the severi...