AWS Keys | Breaking Cybersecurity News | The Hacker News

Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk. "Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services," Symantec's Threat Hunter team, a part of Broadcom Software, said in a  report  shared with The Hacker News. Interestingly, a little more than 50% of the apps were found using the same AWS tokens found in other apps maintained by other developers and companies, highlighting a supply chain issue with serious implications. "The AWS access tokens could be traced to a shared library, third-party SDK, or other shared component used in developing the apps," the researchers said. These credentials are typically used for downloading appropriate resources necessary for the app's functions as well as accessing configuration files and authenticating to other cloud services. To make matters wors...

Two trojanized Python and PHP packages have been uncovered in what's yet another instance of a software supply chain attack targeting the open source ecosystem. One of the packages in question is "ctx," a Python module available in the PyPi repository. The other involves "phpass," a PHP package that's been forked on GitHub to distribute a rogue update. "In both cases the attacker appears to have taken over packages that have not been updated in a while," the SANS Internet Storm Center (ISC)  said , one of whose volunteer incident handlers, Yee Ching, analyzed the ctx package. It's worth noting that ctx, prior to the latest release on May 21, 2022, was last published to PyPi on December 19, 2014. On the other hand, phpass hasn't received an update since it was uploaded to Packagist on August 31, 2012. Both the libraries have been removed from PyPi and GitHub . At its core, the modifications are designed to exfiltrate AWS credentials t...

The Need For Unified Security Google Workspace is where teams collaborate, share ideas, and get work done. But while it makes work easier, it also creates new security challenges. Cybercriminals are constantly evolving, finding ways to exploit misconfigurations, steal sensitive data, and hijack user accounts. Many organizations try to secure their environment by piecing together different security tools, hoping that multiple layers of protection will keep them safe.  But in reality, this patchwork approach often creates blind spots, making it harder—not easier—to defend against threats. To truly secure Google Workspace, businesses need a unified security strategy that offers complete protection without unnecessary complexity. The problem with most security solutions is that they only solve part of the puzzle. Point solutions, like tools that block malware or phishing attacks, might work well for a specific type of threat but fail to recognize suspicious user behavior, unauthori...