Check Point Research (CPR) identified a trend of users misunderstanding how AWS Systems Manager works, resulting in exposed personal records. CPR uncovered 5 million personally identifiable information records and credit card transactions. A new AWS feature helps companies avoid mistakenly exposing AWS Systems Manager documents.
A misconfigured public SSM document might provide an attacker with valuable information about an account’s internal resources and operations. This not only serves as a good basis for social engineering attacks, but can also reveal additional misconfigured resources. This can provide an initial foothold into the victim’s environment, potentially granting an attacker a view into the account’s deployment processes, resources, and backup procedures.
In the above example, you see a description of the document with the phrase “Connect Payer-Account”. Just like with resource names, any text or description included in the public document might alert an attacker to an opportunity. The sharing of SSM documents can be useful in a work environment. However, companies should be aware of how an attacker can use the information within the SSM document to stage an attack that can result in data exposure.
AWS Systems Manager provides the ability to automate operational tasks across AWS resources by creating SSM documents. An SSM document defines the actions that Systems Manager performs on managed instances. Due to an increased rate of cloud migrations and deployments, CPR analyzed SSM documents and found a trend of misconceptions about what should be shared within such documents.
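One way an account owner can check for the exposure described above is to list the SSM documents the account owns and flag any shared with the principal `all`, which is how a public share appears in the permission list. This is an added example, not code from CPR or AWS; the `StubSSM` class and its document names and account ID are constructed so the block runs offline, and a real `boto3.client("ssm")` can be passed in its place.

```python
def shared_accounts(ssm, name):
    """Collect every principal a document is shared with, following pagination."""
    ids, token = [], None
    while True:
        kwargs = {"Name": name, "PermissionType": "Share"}
        if token:
            kwargs["NextToken"] = token
        resp = ssm.describe_document_permission(**kwargs)
        ids += resp.get("AccountIds", [])
        token = resp.get("NextToken")
        if not token:
            return ids

def find_public_documents(ssm):
    """Return names of self-owned SSM documents shared with all AWS accounts."""
    public, token = [], None
    while True:
        kwargs = {"Filters": [{"Key": "Owner", "Values": ["Self"]}]}
        if token:
            kwargs["NextToken"] = token
        page = ssm.list_documents(**kwargs)
        for doc in page.get("DocumentIdentifiers", []):
            # A publicly shared document lists the literal principal "all".
            if any(a.lower() == "all" for a in shared_accounts(ssm, doc["Name"])):
                public.append(doc["Name"])
        token = page.get("NextToken")
        if not token:
            return public

class StubSSM:
    """Constructed stand-in for boto3.client("ssm"); names and IDs are made up."""
    PAGES = {None: (["example-patch-runbook", "example-public-runbook"], "p2"),
             "p2": (["example-private-runbook"], None)}
    SHARES = {"example-patch-runbook": ["111111111111"],
              "example-public-runbook": ["all"],
              "example-private-runbook": []}

    def list_documents(self, Filters, NextToken=None):
        names, nxt = self.PAGES[NextToken]
        resp = {"DocumentIdentifiers": [{"Name": n} for n in names]}
        if nxt:
            resp["NextToken"] = nxt
        return resp

    def describe_document_permission(self, Name, PermissionType, NextToken=None):
        return {"AccountIds": self.SHARES[Name]}

if __name__ == "__main__":
    # With credentials: import boto3; find_public_documents(boto3.client("ssm"))
    print(find_public_documents(StubSSM()))
```

Document sharing is configured per region, so the audit needs to be repeated with a client for each region in use.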