Hacker News with Generative AI: Cloud Security

Volkswagen Data Leak Exposed 800k EV Owners' Movements (carscoops.com)
Many people worry about hackers stealing their personal data, but sometimes, the worst breaches come not from shadowy cybercriminals but straight from the companies we trust. According to a new report from Germany, the VW Group stored sensitive information for 800,000 electric vehicles from various brands on a poorly secured Amazon cloud—essentially leaving the digital door wide open for anyone to waltz in. And not just briefly, but for months on end.
Oasis Security Research Team Discovers Microsoft Azure MFA Bypass (oasis.security)
Oasis Security's research team uncovered a critical vulnerability in Microsoft's Multi-Factor Authentication (MFA) implementation, allowing attackers to bypass it and gain unauthorized access to the user’s account, including Outlook emails, OneDrive files, Teams chats, Azure Cloud, and more. Microsoft has more than 400 million paid Office 365 seats, making the consequences of this vulnerability far-reaching.
Malicious PyPI package with 37,000 downloads steals AWS keys (bleepingcomputer.com)
A malicious Python package named 'fabrice' has been present in the Python Package Index (PyPI) since 2021, stealing Amazon Web Services credentials from unsuspecting developers.
Hacked TP-Link routers used in years-long account takeover attacks (arstechnica.com)
Hackers working on behalf of the Chinese government are using a botnet of thousands of routers, cameras, and other Internet-connected devices to perform highly evasive password spray attacks against users of Microsoft’s Azure cloud service, the company warned Thursday.
Ask HN: Why is there not more concern about the physical security of Cloudflare? (ycombinator.com)
Using Hetzner and Azure, we trust that our unencrypted in-memory data and business logic are housed in professional data centers with strong physical security measures. However, Cloudflare has built its Workers and serverless offerings on top of its Cache/CDN and anti-DDoS infrastructure, which operates out of questionable ISP and IXP colocation facilities in various jurisdictions with dubious standards.
A single cloud compromise can feed an army of AI sex bots (krebsonsecurity.com)
Organizations that get relieved of credentials to their cloud environments can quickly find themselves part of a disturbing new trend: Cybercriminals using stolen cloud credentials to operate and resell sexualized AI-powered chat services.
Show HN: Valv – Formally Verified KMS Alternative to HashiCorp Vault (github.com/molnett)
AWS Nitro Enclaves: Attack Surface (trailofbits.com)
In the race to secure cloud applications, AWS Nitro Enclaves have emerged as a powerful tool for isolating sensitive workloads. But with great power comes great responsibility—and potential security pitfalls.
Notes on AWS Nitro Enclaves: Attack Surface (trailofbits.com)
In the race to secure cloud applications, AWS Nitro Enclaves have emerged as a powerful tool for isolating sensitive workloads. But with great power comes great responsibility—and potential security pitfalls. As pioneers in confidential computing security, we at Trail of Bits have scrutinized the attack surface of AWS Nitro Enclaves, uncovering potential bugs that could compromise even these hardened environments.
Fortinet admits miscreant got hold of customer data in the cloud (theregister.com)
Fortinet has admitted that bad actors accessed cloud-hosted data about its customers, but insisted it was a "limited number" of files. The question is: how limited is "limited"?
Hacking misconfigured AWS S3 buckets: A complete guide (intigriti.com)
AWS S3 (Simple Storage Service) buckets are a popular storage service used by software companies and organizations to store public as well as sensitive data. However, the implementation of this service is not always correctly done. A single missing access policy can often introduce security risks, data leaks, or other unintended consequences.
Critical vulnerabilities in 6 AWS services disclosed at Black Hat USA (scmagazine.com)
Threat actor abuses Cloudflare tunnels to deliver remote access trojans (proofpoint.com)
Show HN: Shadow IT Scan – Uncover SaaS Apps, Users and Risky OAuth Scopes (accessowl.io)
WTF Is a Cloud Native Application Protection Platform (CNAPP)? (latio.tech)
ELI5: The CrowdStrike Outage (technically.dev)
SAPwned: SAP AI vulnerabilities expose customers' cloud environments and privat (wiz.io)
A hard look at AWS GuardDuty shortcomings (tracebit.com)
Google on the verge of acquiring cloud security company Wiz for $23B (techcrunch.com)
Well, it's just an AWS Account ID (cloudsecurity.club)
The Snowflake Attack May Be Turning into One of the Largest Data Breaches (wired.com)
The AWS S3 Denial of Wallet Amplification Attack (limbus-medtec.com)