Sources
Loading...
Additional media
Loading...
DeepNewz, mobile.
People-sourced. AI-powered. Unbiased News.
A new ransomware group, Codefinger, has been identified targeting Amazon Web Services (AWS) S3 buckets, according to a Jan. 13 threat intelligence report from Halcyon. The group uses AWS's server-side encryption with customer-provided keys (SSE-C) to encrypt data and demand payment for the decryption keys, making recovery impossible without the attacker's key. The attack flow involves identifying vulnerable AWS keys, encrypting files using SSE-C with a symmetric AES-256 key, setting a 7-day lifecycle policy for file deletion, and leaving ransom notes in affected directories. Amazon Web Services has stated that they notify customers of exposed keys and take actions to minimize risks, urging users to follow security best practices.
Targeted malicious packages are a growing problem all development teams need to be aware of. They need an automated solution to detect malicious code before they include these packages and execute the code. https://t.co/9ia3g5HCrU
Un nouveau ransomware profite de la négligence des utilisateurs et utilisatrices AWS pour semer le chaos dans des buckets S3. Si vous avez un doute sur l'intégrité de vos clés, mieux vaut les renouveler sans attendre. https://t.co/oPoU7AA5Ur
Microsoft is hiring a Security Researcher - AI Red Team. Your work will impact Microsoft’s AI portfolio including Phi series, Bing Copilot, Security Copilot, Github Copilot, Office Copilot and Windows Copilot and help keep Microsoft’s customers safe and secure.…
