How AWS Misconception Resulted in Detection of 5 Million Personal Records | HackerNoon


By CheckPointSW

Check Point Research (CPR) identified a trend of users misunderstanding a service in AWS Systems Manager, which resulted in the detection of personal records. CPR revealed 5 million personally identifiable information (PII) records and credit card transactions. A new AWS feature helps companies avoid mistakenly exposing AWS Systems Manager documents.

A misconfigured public SSM document might provide an attacker with valuable information about an account’s internal resources and operations. This not only serves as a good basis for social engineering attacks, but can also reveal additional misconfigured resources. That can provide an initial foothold into the victim’s environment, potentially granting an attacker a view into the account’s deployment processes, resources, and backup procedures.

In the above example, you see a description of the document with the phrase “Connect Payer-Account”. Just like with resource names, any text or description included in the public document might alert an attacker to an opportunity.

The sharing of SSM documents can be useful in a work environment. However, companies should be aware of how an attacker can use the information within the SSM document to stage an attack that can result in data exposure.

AWS Systems Manager provides the ability to automate operational tasks across AWS resources by creating SSM documents. An SSM document defines the actions that Systems Manager performs on managed instances. Due to an increased rate of cloud migrations and deployments, CPR analyzed SSM documents and found a trend of misconceptions about the parameters of what should be shared within such documents.
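As an added example (not from the original article or from CPR), an account owner can audit their own SSM documents for public sharing and for content that should never be shared. The record shape is an assumption: it mirrors the `AccountIds` list returned by `describe_document_permission` and the `Content` returned by `get_document`; the patterns and sample inventory are constructed.

```python
import re

# Illustrative patterns (assumptions, not an exhaustive rule set) for strings
# that tell an outsider about internal resources or credentials.
SENSITIVE_PATTERNS = {
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "aws_account_id_in_arn": re.compile(r"arn:aws[\w-]*:[\w-]*:[\w-]*:\d{12}:"),
    "s3_bucket": re.compile(r"\bs3://[a-z0-9][a-z0-9.-]{1,61}[a-z0-9]\b"),
    "inline_secret": re.compile(
        r"(?:password|secret|token)\w*\s*[:=]\s*[\"']?[^\s\"',}]{4,}", re.IGNORECASE),
}

def is_public(account_ids):
    """A document is shared publicly when its share list holds the literal 'all'."""
    return any(a.lower() == "all" for a in account_ids)

def audit_documents(documents):
    """Map each publicly shared document name to the sorted leak categories found
    in its description and content. Public documents with no hits still appear,
    with an empty list, so the sharing itself can be reviewed."""
    findings = {}
    for doc in documents:
        if not is_public(doc["AccountIds"]):
            continue
        text = doc.get("Description", "") + "\n" + doc["Content"]
        findings[doc["Name"]] = sorted(
            name for name, rx in SENSITIVE_PATTERNS.items() if rx.search(text))
    return findings

# Constructed inventory; in practice, fill it from describe_document_permission
# (PermissionType="Share") and get_document for each document the account owns.
SAMPLE = [
    {"Name": "Deploy-Backup-Agent", "AccountIds": ["all"],
     "Description": "Connect Payer-Account",
     "Content": '{"mainSteps":[{"inputs":{"runCommand":['
                '"aws s3 cp s3://corp-backups-prod/agent.sh .",'
                '"export DB_PASSWORD=EXAMPLE-not-a-real-password",'
                '"aws sts assume-role --role-arn arn:aws:iam::111122223333:role/Backup"]}}]}'},
    {"Name": "Patch-Linux", "AccountIds": ["111122223333"],
     "Content": '{"mainSteps":[]}'},
    {"Name": "Install-Tooling", "AccountIds": ["all"],
     "Content": '{"mainSteps":[{"inputs":{"runCommand":["yum -y install htop"]}}]}'},
]

if __name__ == "__main__":
    for name, hits in audit_documents(SAMPLE).items():
        print(f"PUBLIC {name}: {', '.join(hits) or 'no pattern hits, review sharing'}")
```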

 
