all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Alert: Threat Actors Can Leverage AWS STS to Infiltrate Cloud Accounts

Add to bookmarks
Dec. 6, 2023, 1:38 p.m. | info@thehackernews.com (The Hacker News)

The Hacker News thehackernews.com

Threat actors can take advantage of Amazon Web Services Security Token Service (AWS STS) as a way to infiltrate cloud accounts and conduct follow-on attacks.
The service enables threat actors to impersonate user identities and roles in cloud environments, Red Canary researchers Thomas Gardner and Cody Betsworth said in a Tuesday analysis.
AWS STS is a web service that enables

accounts alert amazon amazon web services attacks aws cloud cloud environments environments identities red canary researchers roles security service services thomas threat threat actors token web web services

Visit resource

More from thehackernews.com / The Hacker News

A SaaS Security Challenge: Getting Permissions All in One Place 5 hours ago | thehackernews.com
access all in apps base +16
New Spectre-Style 'Pathfinder' Attack Targets Intel CPU, Leak Encryption Keys and Data 5 hours ago | thehackernews.com
academics advanced advanced encryption aes +30
The Fundamentals of Cloud Security Stress Testing 8 hours ago | thehackernews.com
assets attackers cloud cloud security +17
Hijack Loader Malware Employs Process Hollowing, UAC Bypass in Latest Version 8 hours ago | thehackernews.com
aim analysis anti-analysis bypass +19
Hackers Exploiting LiteSpeed Cache Bug to Gain Full Control of WordPress Sites 12 hours ago | thehackernews.com
accounts actively exploited admin bogus +25
Russian Hacker Dmitry Khoroshev Unmasked as LockBit Ransomware Administrator 1 day, 4 hours ago | thehackernews.com
addition administrator agency crime +17
APT42 Hackers Pose as Journalists to Harvest Credentials and Access Cloud Data 1 day, 6 hours ago | thehackernews.com
academia access activists apt42 +32
China-Linked Hackers Used ROOTROT Webshell in MITRE Network Intrusion 1 day, 7 hours ago | thehackernews.com
attack back china china-linked hackers +16
New Case Study: The Malicious Comment 1 day, 9 hours ago | thehackernews.com
case code comments discover +12

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Junior Cybersecurity Analyst - 3346195

@ TCG | 725 17th St NW, Washington, DC, USA
View on infosec-jobs.com

Cyber Intelligence, Senior Advisor

@ Peraton | Chantilly, VA, United States
View on infosec-jobs.com

Consultant Cybersécurité H/F - Innovative Tech

@ Devoteam | Marseille, France
View on infosec-jobs.com

Manager, Internal Audit (GIA Cyber)

@ Standard Bank Group | Johannesburg, South Africa
View on infosec-jobs.com

Staff DevSecOps Engineer

@ Raft | San Antonio, TX (Local Remote)
View on infosec-jobs.com

Domain Leader Cybersecurity

@ Alstom | Bengaluru, KA, IN
View on infosec-jobs.com
View more jobs