Dark Reading

Threat Hunting in AWS: What to Look for in CloudTrail

When threat actors gain a foothold in AWS, they don't just move fast; they also move stealthily. They can quickly create roles, change policies, and access data in ways that mimic legitimate behavior, ...
Bleeping Computer

Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials

A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management ...
CRN

Hackers Target AWS IMDS And EC2 To Steal Credentials: Wiz Report

‘We uncovered exploitation in the wild of a previously unknown zero-day vulnerability in a popular web service stemming from insecure use of Pandoc,’ said Wiz researchers in a new report.