33 matches found
EUVD-2026-9509
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission...
CVE-2026-22052
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission...
CVE-2026-22052
ONTAP versions 9.12.1 and higher with S3 NAS buckets are susceptible to an information disclosure vulnerability. Successful exploit could allow an authenticated attacker to view a listing of the contents in a directory for which they lack permission...
EUVD-2022-7422
Malicious code in bioql PyPI...
Mass Ransomware Campaign Hits S3 Buckets Using Stolen AWS Keys
Researchers reveal a large-scale ransomware campaign leveraging over 1,200 stolen AWS access keys to encrypt S3 buckets. Learn…...
Supply Chain Attack: Abandoned S3 Buckets Used for Malicious Payloads
By Deeba Ahmed Threat actors have been taking over abandoned S3 buckets to launch malicious binaries, steal login credentials and more. This is a post from HackRead.com Read the original post: Supply Chain Attack: Abandoned S3 Buckets Used for Malicious Payloads...
New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries
In what's a new kind of software supply chain attack aimed at open source projects, it has emerged that threat actors could seize control of expired Amazon S3 buckets to serve rogue binaries without altering the modules themselves. "Malicious binaries steal the user IDs, passwords, local machine...
XML External Entity (XXE)
swift is vulnerable to XML External Entity XXE attacks. The vulnerability allows a remote authenticated attacker to access potentially sensitive data in S3 buckets by persuading the S3 API into returning arbitrary file contents from the host server...
Poro - Scan Publicly Accessible Assets On Your AWS Cloud Environment
Scan for publicly accessible assets on your AWS environment Services covered by this tool: AWS ELB API Gateway S3 Buckets RDS Databases EC2 instances Redshift Databases Poro also check if a tag you specify is applied to identified public resources using --tag-key and --tag-value arguments...
Slyther - AWS Security Tool
Slyther is AWS Security tool to check read/write/delete access for S3 buckets Requirements aws-cli Installation pip3 install -r requirements.txt Usage example python3 slyther.py -b flaws.cloud Release History 0.0.3 Added option to check if aws-cli is installed or not 0.0.2 Added option to check...
Kubernetes: File Read Vulnerability allows Attackers to Compromise S3 buckets using Prow
A vulnerability was found in AWS Prow that allowed attackers to sign the base path of S3 buckets used by Prow, leading to the dumping of the entire private bucket details and reading any file in the bucket. This could result in the compromise of S3 buckets containing production data...
Automated remediation level 4: Actual automation
Let’s get to automatically remediating already! This entry will be the last in our series based on The 4 Levels of Automated Remediation. After the previous 3 steps—where we discussed everything from logging to best practices to account hygiene—it’s time to talk about the actions that really let...
Security for Amazon Redshift
We’ll show you how to set up basic monitoring of AWS Redshift using their native security features, including how to set up a Redshift instance, creating S3 buckets, and shipping the audit logs to Cloudwatch. Basic security for Amazon Redshift can be accomplished through standard AWS security...
Securely Managing Entitlement of S3 Resources
Here we’ll talk about securely managing entitlements of S3 resources including managing access control to S3 objects and utilizing audit logging to keep track of the usage of shared resources. Amazon’s AWS services allow for accounts to grant access to resources from other accounts on AWS. This...
Nebula - Cloud C2 Framework, Which At The Moment Offers Reconnaissance, Enumeration, Exploitation, Post Exploitation On AWS
Nebula is a Cloud and hopefully DevOps Penetration Testing framework. It is build with modules for each provider and each functionality. As of April 2021, it only covers AWS, but is currently an ongoing project and hopefully will continue to grow to test GCP, Azure, Kubernetes, Docker, or...
Privilege Escalation
hadoop-ozone-client is vulnerable to privilege escalation. An attacker can use a curl command or an unauthenticated HTTP request to access S3 buckets and keys in a secure Apache Ozone Cluster, thereby allowing unauthorized access to buckets and keys resulting in exposure of data to anonymous...
CVE-2020-17517
The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereb...
CVE-2020-17517
The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereb...
Design/Logic Flaw
The S3 buckets and keys in a secure Apache Ozone Cluster must be inaccessible to anonymous access by default. The current security vulnerability allows access to keys and buckets through a curl command or an unauthenticated HTTP request. This enables unauthorized access to buckets and keys thereb...
CVE-2020-17517
The CVE-2020-17517 entry affects Apache Ozone prior to 1.1.0, where the S3 gateway/cluster allowed anonymous access to buckets and keys via curl or unauthenticated HTTP requests. This is a authorization/config issue that enables data exposure to unauthenticated users. The practical impact is data...