3 matches found
Indonesian Cybercriminals Exploit AWS for Profitable Crypto Mining Operations
A financially motivated threat actor of Indonesian origin has been observed leveraging Amazon Web Services (AWS) Elastic Compute Cloud (EC2) instances to carry out illicit crypto mining operations. Cloud security company Permiso's P0 Labs, which first detected the group in November 2021, has assigned...
Palo Alto Software: DNS Misconfiguration Leads to Subdomain Takeover - max1.liveplan.com
Summary: The issue happens due to using EC2 public DNS instead of using Elastic IPs as CNAME record. This report is similar to report 1069795. Misconfiguration - DNS Records json "host": "max1.liveplan.com", "resolver": "1.0.0.1:53" , "a": "54.68.121.128" , "cname":...
AlienVault : SSRF bypass #2 (using octal encoding) on the https://www.threatcrowd.org/domain.php
Description: The latest SSRF fixes can be bypassed using octal encoding of the AWS IP. There is another, more general bypass, which can't be fixed using blacklisting - it's reported in the 288183. POC: https://www.threatcrowd.org/domain.php?domain=0251.00376.000251.0000376 F237500 Suggested fix: As wa...