Wednesday , July 2 2025
AWS

Hackers Exploit AWS Misconfigurations: allegedly 2TB data lost

Thousands of AWS customers had terabytes of sensitive data, including personal details, AWS credentials, and proprietary code, compromised in a cyber attack linked to the ShinyHunters hacking group. They gained access to sensitive information through poorly set up systems, resulting in over 2 TB of compromised data.

Source: VPN mentor

Cybersecurity researchers Noam Rotem and Ran Locar discovered an operation that exploited vulnerabilities and misconfigurations on several public websites to access sensitive data illegally.

CYDES 2025
MCSS to implement 6 strategic goals with 7 objectives over 6 year: NACSA Chief

The second day of the Cyber Defence & Security Exhibition and Conference (CYDES) 2025 further cemented Malaysia’s position as a...
Read More
CYDES 2025  MCSS to implement 6 strategic goals with 7 objectives over 6 year: NACSA Chief

CYDES 2025
Malaysia placed cybersecurity heart of the regional agenda: DPM Ahmad Zahid

Malaysia's Deputy Prime Minister Datuk Seri Dr. Ahmad Zahid Hamidi said that Malaysia has placed cybersecurity at the heart of...
Read More
CYDES 2025  Malaysia placed cybersecurity heart of the regional agenda: DPM Ahmad Zahid

Amid Meta moves; OpenAI is largely shutting down next week: Wired

Mark Chen, the chief research officer at OpenAI, sent a forceful memo to staff on Saturday, promising to go head-to-head...
Read More
Amid Meta moves; OpenAI is largely shutting down next week: Wired

Canada orders Hikvision to close operations over national security

The Canadian government ordered Hikvision to stop all operations in the country due to national security concerns. Hikvision, based in...
Read More
Canada orders Hikvision to close operations over national security

First couple “Rosie” to conceive using AI tech “STAR” successfully

Doctors at Columbia University Fertility Center have reported what they are calling the first pregnancy using a new AI system,...
Read More
First couple “Rosie” to conceive using AI tech “STAR” successfully

Scattered Spider Actively Attacking Aviation and Transportation: FBI

Cybersecurity experts and federal authorities are warning that the Scattered Spider hackers are now targeting aviation and transportation, indicating a...
Read More
Scattered Spider Actively Attacking Aviation and Transportation: FBI

Russia’s restrictions on Cloudflare making websites inaccessible

Since June 9, 2025, Russian users connecting to Cloudflare services have faced throttling by ISPs. As the throttling is being...
Read More
Russia’s restrictions on Cloudflare making websites inaccessible

61 million Verizon records allegedly posted online for sale

A new report from SafetyDetectives reveals that hackers posted a massive 3.1GB dataset online, containing about 61 million records reportedly...
Read More
61 million Verizon records allegedly posted online for sale

Cyber Expert ‘Rene Joshilda’ Arrested for Bomb Hoaxes

A 30-year-old robotics engineer from Chennai set off alarm bells in 11 states by allegedly sending hoax bomb threats. She...
Read More
Cyber Expert ‘Rene Joshilda’ Arrested for Bomb Hoaxes

Critical RCE Flaws in Cisco ISE and ISE-PIC Allow to Gain Root Access

Cisco has issued updates to fix two critical security vulnerabilities in Identity Services Engine (ISE) and ISE Passive Identity Connector...
Read More
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow to Gain Root Access

“We have identified a significant operation that scanned millions of websites, exploiting vulnerabilities in improperly configured public sites,” said researchers from vpnMentor, the cybersecurity research firm that collaborated with Rotem and Locar to publish a report on the findings. “This incident resulted in the exposure of sensitive keys and secrets, granting unauthorized access to customer data.”

The report mentioned that skilled hackers, who spoke French, used advanced tools to search the internet for security weaknesses.

“All services are operating as expected,” an AWS spokesperson said.

“AWS credentials include secrets that must be handled securely. AWS provides capabilities which remove the need to ever store these credentials in source code. For example, AWS Secrets Manager helps you manage, retrieve, and rotate database credentials, API keys, and other secrets throughout their lifecycles. Customers still sometimes inadvertently expose credentials in public code repositories. When AWS detects this exposure, we automatically apply a policy to quarantine the IAM user with the compromised credentials to drastically limit the actions available to that user, and we notify the customer. If a customer’s credentials are compromised, we recommend they revoke the credentials, check AWS CloudTrail logs for unwanted activity, and review their AWS account for any unwanted usage.”

“We found the open bucket during our own scans for misconfigured cloud environments,” Rotem said. “Our goal was to have it closed so the customer data inside would remain safe; the perpetrators from Nemesis did the same for different intentions.”

As Rotem and Locar noted in a report published Monday and shared in advance with The Register, the misconfigurations that allowed attackers to steal at least 1,526 AWS customer credentials in August alone “are on the customer side of the shared responsibility model.” Yes, they affected AWS customers. But they “could occur on any cloud service provider.”

Attackers used custom Python and PHP scripts to exploit open-source tools like Laravel to steal credentials, including Git, SMTP, and cryptocurrency keys. They stored verified credentials for later use and installed remote shells for deeper access.

AWS keys were tested for access to IAM, SES, SNS, and S3 services, allowing attackers to maintain persistence, send phishing emails, and steal sensitive data. AI service keys were excluded, probably because of outdated tools or their limited value.

Source: The register, infosecurity-magazine

Check Also

Canada orders Hikvision to close operations over national security

The Canadian government ordered Hikvision to stop all operations in the country due to national …

Leave a Reply

Your email address will not be published. Required fields are marked *