Dark Reading

AWS Tokens Lurking in Android, iOS Apps Crack Open Corporate Cloud Data

Thousands of customer-facing Android and iOS mobile apps — including banking apps — have been found to contain hardcoded Amazon Web Services (AWS) credentials that would allow cyberattackers to steal ...
SiliconANGLE

Three-quarters of mobile applications found to contain valid AWS access tokens

A disturbing new report finds that three-quarters of mobile applications analyzed contained valid Amazon Web Services Inc. access tokens that allowed access to private AWS cloud services. The findings ...
Bleeping Computer

Thousands of GitHub, AWS, Docker tokens exposed in Travis CI logs

For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers’ accounts ...
Bleeping Computer

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD ...
CSOonline

Malicious PyPI package targets Chimera users to steal AWS tokens, CI/CD secrets

“Chimera-sandbox-extensions” exploit highlights rising risks of open-source package abuse, prompting calls for stricter dependency controls and DGA malware detection. A malicious Python package posing ...
ZDNet

New tool detects AWS intrusions where hackers abuse self-replicating tokens

Security firm CyberArk has released a new tool called SkyWrapper that can detect a certain class of intrusions and malicious activity inside AWS (Amazon Web Services) computing environments. These ...
Forbes

Amazon Confirms WorkSpaces Linux Client Authentication Issue

Forbes contributors publish independent expert analyses and insights. Davey Winder is a veteran cybersecurity writer, hacker and analyst. Amazon Web Services has issued a security bulletin, ...