all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

Improving GuardDuty’s Data Exfiltration Protections

Add to bookmarks
c
May 25, 2023, 7:03 p.m. |

Cloud Security Alliance cloudsecurityalliance.org

Originally published by Gem Security. Written by Itay Harel and Ran Amos. A few weeks ago, Gem’s threat research team discovered a technique that could have allowed an attacker to bypass AWS GuardDuty’s threat detection service. Using these methods, threat actors in possession of IAM active credentials that had the power to update S3 bucket policies could have bypassed GuardDuty’s S3 detections and silently updated permissions for S3 resources, resulting in a bucket configuration that all...

amos aws bypass credentials data data exfiltration detection exfiltration gem gem security guardduty iam power research s3 bucket security service team threat threat actors threat detection threat research update written

Visit resource

More from cloudsecurityalliance.org / Cloud Security Alliance

Cl
How DSPM Can Help Solve Healthcare Cybersecurity Attacks 6 days, 15 hours ago | cloudsecurityalliance.org
access access controls article attacks +41
Cl
Considerations When Including AI Implementations in Penetration Testing 6 days, 15 hours ago | cloudsecurityalliance.org
application artificial artificial intelligence ask +15
Cl
Five Reasons Why Ransomware Still Reigns 6 days, 15 hours ago | cloudsecurityalliance.org
ben ciso consent cxo +15
Cl
DevSecOps Tools 6 days, 15 hours ago | cloudsecurityalliance.org
code code management development devops +18
Cl
Your Ultimate Guide to Security Frameworks 1 week, 1 day ago | cloudsecurityalliance.org
breaches build business customers +13
Cl
The Future of Cloud Cybersecurity 1 week, 1 day ago | cloudsecurityalliance.org
businesses ceo cloud cloud computing +15
Cl
AI Hallucinations: The Emerging Market for Insuring Against Generative AI's Costly Blunders 1 week, 1 day ago | cloudsecurityalliance.org
ai governance ai hallucinations blog chair +16
Cl
Why Business Risk Should be Your Guiding North Star for Remediation 1 week, 1 day ago | cloudsecurityalliance.org
adoption agile attack attack surface +19
Cl
Upselling Cybersecurity: Why Baseline Security Features Shouldn’t Be a Commodity 1 week, 1 day ago | cloudsecurityalliance.org
accountability advisory barr advisory consulting +23

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Professional Services Resident Consultant / Senior Professional Services Resident Consultant - AMS

@ Zscaler | Bengaluru, India
View on infosec-jobs.com

Head of Security, Risk & Compliance

@ Gedeon Richter Pharma GmbH | Budapest, HU
View on infosec-jobs.com

Unarmed Professional Security Officer - County Hospital

@ Allied Universal | Los Angeles, CA, United States
View on infosec-jobs.com

Senior Software Engineer, Privacy Engineering

@ Block | Seattle, WA, United States
View on infosec-jobs.com

Senior Cyber Security Specialist

@ Avaloq | Bioggio, Switzerland
View on infosec-jobs.com
View more jobs