The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Amazon Web Services

Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets

Magecart Hackers Infect 17,000 Sites Through Misconfigured Amazon S3 Buckets

July 11, 2019Swati Khandelwal
Magecart strikes again! Cybersecurity researchers have identified yet another supply-chain attack carried out by payment card hackers against more than 17,000 web domains, which also include websites in the top 2,000 of Alexa rankings. Since Magecart is neither a single group nor a specific malware instead an umbrella term given to all those cyber criminal groups and individuals who inject digital card skimmers on compromised websites, it is not necessary for every one of them to use similar techniques with the same sophistication. A new report shared with The Hacker News prior to its release details a new supply-chain attack campaign wherein hackers are using shotgun approach instead of targeted attacks to infect a wide range of websites, preferring larger infection reach as possible over accuracy. Almost two months ago, security researchers from RiskIQ discovered supply-chain attacks involving credit card skimmers placed on several web-based suppliers, including AdMaxi
AWS Certification Training Courses – Get 2019 Bundle @ 96% OFF

AWS Certification Training Courses – Get 2019 Bundle @ 96% OFF

March 13, 2019The Hacker News
With countless web apps and online services launching every day, there is an increasing demand for cloud developers. This exciting niche is due to grow rapidly over the next few years, and the paycheck should follow suit. If you want to build a career in this lucrative niche, it pays to know AWS (Amazon Web Services). With the AWS Certified Architect Developer Bundle 2019 , you get seven courses and over 51 hours of video tutorials that are working towards official exams. It's worth nearly $1,000, but you can get the training now for only $35 for a limited time . According to Synergy Research , Amazon Web Services has a massive 35% share of the cloud computing market. The platform plays host to millions of clients and dozens of multinationals, including Adobe, LinkedIn, GE, and Netflix. As a certified AWS expert, you put yourself first in line for exciting opportunities at these major companies. AWS Certification Training – 7 In-Depth Online Courses If you're
Critical Flaws Found in Amazon FreeRTOS IoT Operating System

Critical Flaws Found in Amazon FreeRTOS IoT Operating System

October 19, 2018Swati Khandelwal
A security researcher has discovered several critical vulnerabilities in one of the most popular embedded real-time operating systems—called FreeRTOS—and its other variants, exposing a wide range of IoT devices and critical infrastructure systems to hackers. What is FreeRTOS (Amazon, WHIS OpenRTOS, SafeRTOS)? FreeRTOS is a leading open source real-time operating system (RTOS) for embedded systems that has been ported to over 40 microcontrollers, which are being used in IoT, aerospace, medical, automotive industries, and more. RTOS has specifically been designed to carefully run applications with very precise timing and a high degree of reliability, every time. A pacemaker is an excellent example of the real-time embedded system that contracts heart muscle at the right time, a process that can't afford delays, to keep a person alive. Since late last year, FreeRTOS project is being managed by Amazon, who created Amazon FreeRTOS (a:FreeRTOS) IoT operating system for mic
Viacom Left Sensitive Data And Secret Access Key On Unsecured Amazon Server

Viacom Left Sensitive Data And Secret Access Key On Unsecured Amazon Server

September 20, 2017Wang Wei
Viacom—the popular entertainment and media company that owns Paramount Pictures, Comedy Central, MTV, and hundreds of other properties—has exposed the keys to its kingdom on an unsecured Amazon S3 server. A security researcher working for California-based cyber resiliency firm UpGuard has recently discovered a wide-open, public-facing misconfigured Amazon Web Server S3 cloud storage bucket containing roughly a gigabyte's worth of credentials and configuration files for the backend of dozens of Viacom properties. These exposed credentials discovered by UpGuard researcher Chris Vickery would have been enough for hackers to take down Viacom's internal IT infrastructure and internet presence, allowing them to access cloud servers belonging to MTV, Paramount Pictures and Nickelodeon. Among the data exposed in the leak was Viacom's master key to its Amazon Web Services account, and the credentials required to build and maintain Viacom servers across its many subsidiarie
Over 14 Million Verizon Customers' Data Exposed On Unprotected AWS Server

Over 14 Million Verizon Customers' Data Exposed On Unprotected AWS Server

July 12, 2017Mohit Kumar
Verizon, the major telecommunications provider, has suffered a data security breach with over 14 million US customers' personal details exposed on the Internet after NICE Systems , a third-party vendor, mistakenly left the sensitive users’ details open on a server. Chris Vickery, researcher and director of cyber risk research at security firm UpGuard, discovered the exposed data on an unprotected Amazon S3 cloud server that was fully downloadable and configured to allow public access. The exposed data includes sensitive information of millions of customers, including their names, phone numbers, and account PINs (personal identification numbers), which is enough for anyone to access an individual's account, even if the account is protected by two-factor authentication . "The exposure of Verizon account PIN codes used to verify customers, listed alongside their associated phone numbers, is particularly concerning," explained UpGuard's Dan O'Sullivan in
How A Simple Command Typo Took Down Amazon S3 and Big Chunk of the Internet

How A Simple Command Typo Took Down Amazon S3 and Big Chunk of the Internet

March 03, 2017Swati Khandelwal
The major internet outage across the United States earlier this week was not due to any virus or malware or state-sponsored cyber attack, rather it was the result of a simple TYPO. Amazon on Thursday admitted that an incorrectly typed command during a routine debugging of the company's billing system caused the 5-hour-long outage of some Amazon Web Services (AWS) servers on Tuesday. The issue caused tens of thousands of websites and services to become completely unavailable, while others show broken images and links, which left online users around the world confused. The sites and services affected by the disruption include Quora, Slack, Medium, Giphy, Trello, Splitwise, Soundcloud, and IFTTT, among a ton of others. Here's What Happened: On Tuesday morning, members of Amazon Simple Storage Service (S3) team were debugging the S3 cloud-storage billing system. As part of the process, the team needed to take a few billing servers offline, but unfortunately, it end
Multiple Flaws Exposed in Pocket Add-on for Firefox

Multiple Flaws Exposed in Pocket Add-on for Firefox

August 21, 2015Khyati Jain
With providing easy accessibility, the battle is not won! Server-side Vulnerabilities have been reported by a security researcher in the popular Pocket add-on that comes attached with the Firefox browser. The security flaws could have allowed hackers to exfiltrate data from the company’s servers as well as populate reading lists with malicious links. The Pocket button in the Firefox browser allows you to save links, videos, web pages, or articles to your Pocket account with just a click, making it easier for you to read them later, usually offline. However, the vulnerabilities discovered by security researcher Clint Ruoho was such that it could allow hackers to get an unrestricted root access to the server hosting the application, the researcher wrote in his blog post . For this to be done, a hacker only needs: A browser The Pocket Mobile app Access to an Amazon EC2 Server which costs 2 cents an hour The researcher, with the goal of exploiting the service's main functionality
Understanding the Shared Security Model in Amazon Web Services

Understanding the Shared Security Model in Amazon Web Services

May 21, 2015Wang Wei
Security in the Amazon EC2 environment is a responsibility shared by both the end user and Amazon. This is because within this environment there are specific parts that Amazon has control of and specific parts that are controlled by the end user. For the end user, they are responsible for securing the operating systems running on their instances, as well as the applications running on those operating systems. On the other hand, physical security and security of the hypervisor is Amazon’s responsibility. When it comes to the network, security of that layer is a shared responsibility between the user and Amazon. Implications of the Shared Security Model Huge operational efficiencies can be gained in a shared security model, however this comes at the cost of the flexibility to have total control over an environment. In the past, significant security issues have occurred as organizations move to the shared model. During this transition, it’s key that organizations under
Beware: Fake 'The Interview' App Affects Android Users

Beware: Fake 'The Interview' App Affects Android Users

December 28, 2014Swati Khandelwal
" The Interview ", the controversial North Korean-baiting film which appeared to be the root cause of the cyber mishap occurred at Sony Pictures Entertainment that threatened terror attack at theaters showing the movie, now threatens to expose users of Android phones to a malware attack. Since its release, everyone is talking about "The Interview" — the Seth Rogen and James Franco-starring comedy centered around a TV host and his producer assassinating North Korean dictator Kim Jong Un. Because cybercriminals are known to take advantage of major events where there is a high level of public interest, The Interview became their target. In a joint investigation, Security researchers of McAfee and Technische Universität Darmstadt and the Center for Advanced Security Research Darmstadt (CASED) has discovered an Android app claiming to download 'The Interview' comedy on their smartphone devices actually infects users’ devices with banking trojan in
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.