Attackers can gain access to AWS accounts or sensitive data by creating in advance S3 storage buckets with predictable names that will be automatically used by various services and tools.

potentially allowing the vendor to access sensitive data or take control of the entire AWS account. What's more, 2% of these third-party roles do not enforce the use of External IDs, leaving them ...

The cloud provider is getting stricter with Reserved Instances and Savings Plans, restricting use to a single end customer.

Cybersecurity researchers have discovered risky default identity and access management (IAM) roles impacting Amazon Web ...

Weak identity and access controls, inadequate encryption, insecure application programming interfaces (APIs), application and service misconfigurations, denial of service (DoS) attacks and insider ...

Contributor content. Aiming to reduce exposure to today’s complex threat landscape, many businesses are taking ownership of ...

The attacker grabs the symmetric AWS-256 keys and demands the owner of the AWS account pay up to decrypt their files. The ransomware campaign was discovered by Halcyon which was clear in stating ...

Thousands of active AWS accounts are vulnerable to a cloud image name confusion attack that could allow attackers to execute codes within those accounts. According to DataDog research, vulnerable ...