EUVD-2024-36473

Malicious code in bioql PyPI...

FIN6 Uses AWS-Hosted Fake Resumes on LinkedIn to Deliver More_eggs Malware

The financially motivated threat actor known as FIN6 has been observed leveraging fake resumes hosted on Amazon Web Services AWS infrastructure to deliver a malware family called Moreeggs. "By posing as job seekers and initiating conversations through platforms like LinkedIn and Indeed, the group...

CVE-2024-37163

SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version 1.0.0...

AWS VDP: External service interaction (HTTP)

The External Service Interaction vulnerability was discovered in a URL. The vulnerability allowed an attacker to induce the application to interact with arbitrary external services such as DNS and HTTP. This vulnerability was outside the scope of the program, as the related infrastructure had bee...

YATAS - A Simple Tool To Audit Your AWS Infrastructure For Misconfiguration Or Potential Security Issues With Plugins Integration

Yet Another Testing & Auditing Solution The goal of YATAS is to help you create a secure AWS environment without too much hassle. It won't check for all best practices but only for the ones that are important for you based on my experience. Please feel free to tell me if you find something that i...

Requests-Ip-Rotator - A Python Library To Utilize AWS API Gateway's Large IP Pool As A Proxy To Generate Pseudo-Infinite IPs For Web Scraping And Brute Forcing

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing. This library will allow the user to bypass IP-based rate-limits for sites and services. X-Forwarded-For headers are automatically randomised and applied unles...

The AWS Service to Focus On – Amazon EC2

If we run a contest for Mr. Popular of Amazon Web Services AWS, without a doubt Amazon Simple Storage Service S3 has ‘winner’ written all over it. However, what’s popular is not always what is critical for your business to focus on. There is popularity and then there is dependability. Let’s...

AWS infrastructure Security Auditing: Cloud Security Suite

CS Suite is a one stop tool for auditing the security posture of the AWS infrastructure and does system audits as well. CS Suite leverages current open source tools capabilities and has other missing checks added into one tool to rule them all. The major features include: Simple installation with...

AWS re:Invent 2017: Wallarm Delivers its AI-enabled NG-WAF and scanner to AWS Customers

We are thrilled to be sponsoring this year’s AWS re:INVENT in Las Vegas. With many of our customers using AWS infrastructure it is critical for us to provide a frictionless way to protect APIs, applications and micro-services in AWS environments. Filtering nodes for Wallarm’s NG-WAF with Active...