this post was submitted on 10 Dec 2024
25 points (96.3% liked)

[–] [email protected] 8 points 3 weeks ago (1 children)

Fuck this article.

Using publicly available AWS IP ranges, attackers identified potential targets by scanning for application vulnerabilities or misconfigurations. [...] The group scanned exposed endpoints for sensitive data, including database access credentials, API keys and other security secrets

That's the most detailed information about the exploit in the article. And there's no relevant external links either. Literally nothing actionable in it.

[–] [email protected] 6 points 3 weeks ago (1 children)

Applying Occam's Razor, I assume this is publicly exposed buckets and lack of (or misconfigured) resource-based policies on those buckets, which is probably like the most common reason for these breaches.

[–] [email protected] 1 points 2 weeks ago (1 children)

But we'll never know because people can't do basic reporting.

Also, you generally don't magically get things like API keys and database credentials from buckets. Unless your team is completely braindead.

[–] [email protected] 2 points 2 weeks ago

you generally don't magically get things like API keys and database credentials from buckets

Oh you underestimate how clueless some people can be. One of the highest priority checks of cloud SOCs is to just routinely scan for public buckets, because people expose (accidentally or intentionally) stuff on their test or sandbox accounts a lot, and it’s not surprising to find keys and secrets in there. Obviously a simple SCP policy of denying API calls to make a bucket public will easily solve this problem, but then again, even big companies screw that up too.