all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

New Supply Chain Attack Exploits Abandoned S3 Buckets to Distribute Malicious Binaries

Add to bookmarks
June 15, 2023, 11:56 a.m. | info@thehackernews.com (The Hacker News)

The Hacker News thehackernews.com

In what's a new kind of software supply chain attack aimed at open source projects, it has emerged that threat actors could seize control of expired Amazon S3 buckets to serve rogue binaries without altering the modules themselves.
"Malicious binaries steal the user IDs, passwords, local machine environment variables, and local host name, and then exfiltrates the stolen data to the hijacked

amazon attack control environment expired exploits ids local machine malicious modules open source passwords projects rogue s3 buckets software software supply chain software supply chain attack steal supply supply chain supply chain attack threat threat actors

Visit resource

More from thehackernews.com / The Hacker News

FIN7 Hacker Group Leverages Malicious Google Ads to Deliver NetSupport RAT 1 day, 4 hours ago | thehackernews.com
actor ads anydesk asana +20
North Korean Hackers Deploy New Golang Malware 'Durian' Against Crypto Firms 1 day, 20 hours ago | thehackernews.com
actor attacks backdoor commands +20
CensysGPT: AI-Powered Threat Hunting for Cybersecurity Pros (Webinar) 1 day, 22 hours ago | thehackernews.com
advanced ai-powered ai tools artificial +19
Chrome Zero-Day Alert — Update Your Browser to Patch New Vulnerability 2 days, 1 hour ago | thehackernews.com
actively exploited address alert anonymous +25
What's the Right EDR for You? 2 days, 1 hour ago | thehackernews.com
and response antivirus business businesses +18
Malicious Android Apps Pose as Google, Instagram, WhatsApp, Spread via Smishing 2 days, 1 hour ago | thehackernews.com
android android app android apps app +20
Researchers Uncover 'LLMjacking' Scheme Targeting Cloud-Hosted AI Models 2 days, 3 hours ago | thehackernews.com
access ai models attack cloud +24
New TunnelVision Attack Allows Hijacking of VPN Traffic via DHCP Manipulation 2 days, 17 hours ago | thehackernews.com
attack bypass cve cve-2024 +25
Kremlin-Backed APT28 Targets Polish Institutions in Large-Scale Malware Campaign 2 days, 20 hours ago | thehackernews.com
actor apt28 called campaign +23

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

Senior Manager, Response Analytics & Insights (Fraud Threat Management)

@ Scotiabank | Toronto, ON, CA, M3C0N5
View on infosec-jobs.com

Cybersecurity Risk Analyst IV

@ Computer Task Group, Inc | Buffalo, NY, United States
View on infosec-jobs.com

Information System Security Engineer (ISSE) – Risk Management Framework (RMF), AWS, ACAS, ESS.

@ ARA | Raleigh, North Carolina, United States
View on infosec-jobs.com

2024 Fall Cybersecurity Engineering Intern | Novi, MI

@ Dana Incorporated | Novi, MI, US, 48377
View on infosec-jobs.com

Consultant Sharepoint

@ Talan | Luxembourg, Luxembourg
View on infosec-jobs.com

Senior Information Systems Security Officer (ISSO) - onsite Tucson, AZ

@ RTX | AZ842: RMS AP Bldg 842 1151 East Hermans Road Building 842, Tucson, AZ, 85756 USA
View on infosec-jobs.com
View more jobs