News

CSOonline11mon
AWS environments compromised through exposed .env files
The AWS spokesperson warned that environment variable files should never be publicly exposed, “and even if kept private, should never contain AWS credentials. AWS provides a variety of easy-to ...
Bleeping Computer3y
Popular Python and PHP libraries hijacked to steal AWS keys
The malicious code sends all the environment variables to a heroku app, likely to mine AWS credentials. — Somdev Sangwan (@s0md3v) May 24, 2022 These claims were vetted by the Sonatype security ...
Bleeping Computer3y
PyPi python packages caught sending stolen AWS keys ... - BleepingComputer
Even if these packages were used for legitimate security testing and the operators behind them never intended to exploit the stolen details, their presence on PyPI might have exposed "involuntary ...
Infosecurity-magazine.com1y
LeakyCLI Flaw Exposes AWS and Google Cloud Credentials
Dubbed “LeakyCLI” by the Orca Security team, the flaw exposes sensitive credentials in logs, posing potential risks to organizations utilizing AWS and Google Cloud platforms. The issue mirrors a ...