Infosecurity-magazine.com

Source Code of Over 1800 Android and iOS Apps Gives Access to AWS Credentials

The Symantec Threat Hunter team has spotted 1859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) access tokens that permitted access to private AWS cloud services. Of all ...
Ars Technica

Here’s how carefully concealed backdoor in fake AWS files escaped mainstream notice

Researchers have determined that two fake AWS packages downloaded hundreds of times from the open source NPM JavaScript repository contained carefully concealed code that backdoored developers’ ...
CSOonline

Abandoned AWS S3 buckets open door to remote code execution, supply-chain compromises

Attackers re-register abandoned AWS S3 buckets filled with malicious files that are executed by applications looking for these buckets. Code references to nonexistent cloud assets continue to pose ...
CSOonline

AWS environments compromised through exposed .env files

Attackers collected Amazon Web Services keys and access tokens to various cloud services from environment variables insecurely stored in tens of thousands of web applications. A data extortion ...