Reused AWS S3 buckets a weak link in supply chain security
Briefly

WatchTowr Labs researchers report on 150 abandoned AWS S3 buckets that could be exploited, posing a risk to the software supply chain. These buckets, previously used by high-profile entities including government agencies and Fortune 500 companies, received millions of incoming requests for software updates. WatchTowr spent two months monitoring these requests after re-registering the buckets. The finding exposes significant security vulnerabilities and underscores the need for organizations to manage their cloud infrastructure effectively to prevent potential hijacking for malicious purposes.
Abandoned AWS S3 buckets could be reused to hijack the global software supply chain in an attack that could far surpass the SolarWinds incident.
The re-registration of about 150 Amazon-hosted cloud storage buckets led to over eight million requests for resources from notable networks, highlighting major security risks.
Read at The Register