Browsing tag
Unsecured Amazon S3 Bucket Claims Another Victim – This Time, Private Data of 1.3 Million Limogés Jewelry Customers Have Been Exposed. Have you heard about MBM Company INC.? Probably you haven’t because not many are familiar with this name but you must be familiar with the brand name Limogés Jewelry. Limogés Jewelry is actually the […]
It is just another day with just another privacy invasion – This time it is FedEx whose customer data has been exposed online, thanks to unsecured AWS S3 bucket. In July 2017, FedEx Corporation, a multinational courier delivery services company based in the United States announced that its subsidiary company TNT Express was facing issues due to the infection […]
Leaving private data on exposed AWS servers isn’t as rare as you might think. Security researchers and hackers can access such data with ease using appropriate tools. To make this process even easier, some developers have created a tool named BuckHacker, which lets one search for such exposed servers. In the past, you must have […]
CS Suite is a one stop tool for auditing the security posture of the AWS infrastructure and does system audits as well. CS Suite leverages current open source tools capabilities and has other missing checks added into one tool to rule them all. The major features include: Simple installation with support of python virtual environment […]
shimit is a python tool that implements the Golden SAML attack. python .shimit.py -h usage: shimit.py [-h] -pk KEY [-c CERT] [-sp SP] -idp IDP -u USER [-reg REGION] [–SessionValidity SESSION_VALIDITY] [–SamlValidity SAML_VALIDITY] -n SESSION_NAME -r ROLES -id ARN [-o OUT_FILE] [-l LOAD_FILE] [-t TIME] ██╗ ███████╗██╗ ██╗██╗███╗ ███╗██╗████████╗ ██╗ ██╗ ██╔╝ ██╔════╝██║ ██║██║████╗ ████║██║╚══██╔══╝ ██╔╝ […]
In September this year when Equifax servers were hacked it allowed attackers to steal personal details of more than 143 million Americans – That was over 40% of the entire population of the United States. Now, the Cyber Risk Team at UpGuard have discovered a massive trove of data belonging to households in which personal and sensitive details […]
Some quick tips if you use S3 buckets: Randomise your bucket names! There is no need to use company-backup.s3.amazonaws.com. Set appropriate permissions and audit regularly. If possible create two buckets – one for your public assets and another for private data. Be mindful about your data. What are suppliers, contractors and third parties doing with […]
Another day another massive trove of sensitive NSA data exposed online – This time, security firm UpGuard’s Cyber Risk team has identified yet another unsecured AWS (Amazon Web Service) S3 cloud storage bucket containing sensitive, confidential data that belongs to the joint command of National Security Agency (NSA) and US Defense Department called the United States […]
One stop tool for auditing the security posture of AWS. Pre-requisites Python 2.7 pip git Installation git clone https://github.com/SecurityFTW/cs-suite.git cd cs-suite/ sudo python setup.py Note – Generate a set of ReadOnly AWS keys which the tool will ask to finish the installation process. Virtual Environment installation (So you don’t mess with the already installed python […]
It’s another day with yet another Amazon Web Services (AWS) bucket exposing sensitive user data to the public. IT security researchers at Kromtech Security discovered an unprotected Amazon Web Services (AWS) bucket available for public access. The bucket contained personal and sensitive data of more than 150,000 patients from Patient Home Monitoring (PHM) healthcare firm (Lafayette, Louisiana, United States) […]
On September 17th, 2017, Chris Vickery, director of Cyber Risk Research at UpGuard discovered a trove of highly sensitive data exposed online without any security or login credentials. The data belonged to one of the world’s largest corporate consulting and management firms Accenture PLC based in Dublin, Ireland. The data was left exposed on four Amazon Web […]
Over Half a Million Vehicle Records from SVR Tracking Leaked Online – Thanks to Amazon Web Services Bucket. SVR Tracking, a renowned vehicle tracker devices manufacturer, has become the latest victim of data exposure. According to Kromtech Security Centre’s research, login data of more than half a million records of SVR Tracking was leaked online […]
Amazon Web Service (AWS) went through outage for four hours around three days back, which took the internet security community by surprise. All sorts of speculations and rumors started spreading about the reasons behind the service outage. However, the company has now publicly announced that the actual reason behind the breakdown of its internet service […]
Short Bytes: A hacker has published an open source tool for helping administrators strengthen the security of their networks. Dubbed TruffleHog, this tool scans the commit history and branches for high entropy keys, and prints them. A similar tool is already used by Amazon to scan leaked AWS keys, a Reddit user claimed. A security researcher […]
To benefit the hard-working app developers and programmers, Amazon is starting a cloud-based service named AWS Device Farm. AWS Device Farm will help developers to test their applications on real devices i.e. physical cellphones and tablets. For the time being, iOS app testing is not included in AWS Device Farm and this service will be […]
Following the footsteps of Microsoft, Amazon has launched its first product for machine learning service. At the AWS Summit in San Francisco, Amazon Web Services announced a new machine learning platform. Amazon Web Services debuted a service that developers can use to implement machine learning in their applications. Recently, Microsoft announced Azure Machine Learning, which […]