Jump to content
OpenSecurity.global

Search the Community

Showing results for tags 's3'.


More search options

  • Search By Tags

    Type tags separated by commas.

  • Search By Author

Content Type


Forums

  • Cybersecurity
    • General Discussion
    • Questions
    • TLP Rainbow
    • Vulnerabilities
  • Dataleaks
    • Publicly disclosed
    • In flight remediation process
  • OpenSecurity.global
  • Privacy's General Discussion
  • Weird malware samples's -- discussion
  • Video game nasties's games games games
  • The Authenticationverse's Topics
  • The Podcast Club's Podcast Discussion
  • Conferences's BlackHat/Defcon/BSidesLV 2019
  • Conferences's CCC
  • Conferences's BSides Conferences
  • Conferences's UK Conferences
  • Conferences's EU Conferences
  • Open Source Intelligence (OSINT)'s OSINT Tools
  • Open Source Intelligence (OSINT)'s Techniques
  • Open Source Intelligence (OSINT)'s War Stories
  • Memes and Shitposting's Meme Safari
  • Reverse Engineering's Discussion
  • Exploit Development's Exploit Dev Chat
  • Security Research's General Discussion
  • Security Research's Weekly Questions
  • Irish Infosec's MeetUps
  • Irish Infosec's Only_In_Ireland
  • Irish Infosec's General Irish Chat
  • Live In a Simulation?'s Arguments for simulation
  • Cyber pets's CYBER PETS FROM THE FUTURE
  • Pond Diplomacy's Topics
  • Blue Team Club's Topics
  • Red Team Club's Topics
  • Pop Culture's Discuss Amazon's The Boys
  • Pop Culture's Disney’s The Lyin King
  • Pop Culture's Free For All
  • Mentoring's Conference Speaking
  • Mentoring's Career Progression
  • Careers's We're Hiring!
  • Careers's I'm Looking!
  • Careers's I want to break in!
  • Careers's CV Help or Career Guidance
  • DFIR's Tools
  • DFIR's General DFIR
  • Incident Response's Incident Response playbooks
  • Login Abuse and ATO Fraud detection/Mitigation techniques.'s Login Abuse and ATO Fraud detection/Mitigation techniques.
  • Yorkshire (UK) InfoSec's Misc Topics
  • Yorkshire (UK) InfoSec's Leeds
  • Yorkshire (UK) InfoSec's Sheffield
  • Colorado InfoSec's Meetups
  • Social Engineering's General SE Fun
  • Social Engineering's Defense
  • Social Engineering's Attacker Techniques
  • GET OFF MY LAWN!'s General Chat
  • Memory Forensics's Tools of the trade
  • Memory Forensics's Techniques
  • Memory Forensics's War Stories
  • Memory Forensics's Research
  • Memory Forensics's Resources
  • Appsec's Topics
  • Washington InfoSec's Security Conferences in or near Washington
  • Intelligence Monitoring Operations's Tradecraft (Tactics + Techniques)
  • Intelligence Monitoring Operations's Monitoring Strategies
  • Intelligence Monitoring Operations's Personas & OPSEC
  • Intelligence Monitoring Operations's Data Breach Leaks

Find results in...

Find results that contain...


Date Created

  • Start

    End

Last Updated

  • Start

    End

Filter by number of...

Joined

  • Start

    End

Group

About Me

Found 2 results

  1. Kevin Beaumont
    I've emailed Akamai, it appears to be some kind of managed multi CDN solution. Data contains IP address, request URL, browser agent, date and time. Screenshot, not exhaustive obviously.
  2. Kevin Beaumont
    Indictment PDF: https://www.dropbox.com/s/z7u5rxcdajuvw6t/19718675504.pdf?dl=0 A bunch of things stand out: Why did the WAF account apparently have access to the S3 storage buckets? Why wasn't the data of hundreds of millions of people's credit checks encrypted? Should that kind of data have been left for so long in cloud buckets? Why didn't they notice all these S3 buckets being sync'd to a random VPN IP address? It happened 4 months ago. Why didn't they notice the Gitlab pages listing their config? Why didn't they notice until somebody random emailed them to tell them? I don't know if more details will go public (they probably don't want it to get to trial for obvious reasons). I guess lessons learned from outside looking in is: - Monitoring. Ingest your cloud logs. Alert against them. Monitor sites like Github and Gitlab for obviously sensitive information, e.g. usernames, bucket names etc. And yes, this is the kind of incident that would (and still will) catch many orgs with their pants down, Capital One aren't alone. It looks like the same person behind this one hit other fintech orgs too, looking at their online files - I'm going to guess they haven't noticed yet either.
×
×
  • Create New...

Important Information

We use cookies as we're cookie monsters. Privacy Policy

  I accept