all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Improving GuardDuty’s Data Exfiltration Protections

Add to bookmarks
c
May 25, 2023, 7:03 p.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally published by Gem Security. Written by Itay Harel and Ran Amos. A few weeks ago, Gem’s threat research team discovered a technique that could have allowed an attacker to bypass AWS GuardDuty’s threat detection service. Using these methods, threat actors in possession of IAM active credentials that had the power to update S3 bucket policies could have bypassed GuardDuty’s S3 detections and silently updated permissions for S3 resources, resulting in a bucket configuration that all...

amos aws bypass credentials data data exfiltration detection exfiltration gem gem security guardduty iam power research s3 bucket security service team threat threat actors threat detection threat research update written

Visit resource

More from cloudsecurityalliance.org / Cloud Security Alliance

Cl
The Path to SOC 2 Compliance for Startups 2 days, 17 hours ago | cloudsecurityalliance.org
business can challenges companies +16
Cl
Learn How to Navigate Ransomware Attacks in a Digital World 4 days, 13 hours ago | cloudsecurityalliance.org
attacks businesses computer digital +16
Cl
What are the ISO 9001 Requirements? 1 week, 1 day ago | cloudsecurityalliance.org
certification compliance context evaluation +16
Cl
What is Agile Compliance? | Continuous Monitoring for Enhanced Risk Reduction 1 week, 3 days ago | cloudsecurityalliance.org
agile amp best practices blog +32
Cl
Unlocking Trust in the Digital Age: The Power of Blockchain Technologies 1 week, 3 days ago | cloudsecurityalliance.org
age blockchain business communication +20
Cl
Level Up Your Security Strategy with Cyber Resilience 1 week, 4 days ago | cloudsecurityalliance.org
advisory barr advisory breach can +16
Cl
Mastering Least Privilege: Cutting Unused Access 1 week, 4 days ago | cloudsecurityalliance.org
access attack attack surface breaches +16
Cl
How Cybersecurity and AI Will Influence Global Elections in 2024 1 week, 4 days ago | cloudsecurityalliance.org
advocacy artificial artificial intelligence big +20
Cl
Mastering Secure DevOps with Six Key Strategies 1 week, 5 days ago | cloudsecurityalliance.org
addresses applications attacks breaches +24

Jobs in InfoSec / Cybersecurity

Post a Job Search Talent

CyberSOC Technical Lead

@ Integrity360 | Sandyford, Dublin, Ireland
View on infosec-jobs.com

Cyber Security Strategy Consultant

@ Capco | New York City
View on infosec-jobs.com

Cyber Security Senior Consultant

@ Capco | Chicago, IL
View on infosec-jobs.com

Sr. Product Manager

@ MixMode | Remote, US
View on infosec-jobs.com

Security Compliance Strategist

@ Grab | Petaling Jaya, Malaysia
View on infosec-jobs.com

Cloud Security Architect, Lead

@ Booz Allen Hamilton | USA, VA, McLean (1500 Tysons McLean Dr)
View on infosec-jobs.com