Cloud Security

AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure

AWS has addressed a vulnerability that could have been leveraged to bypass Trusted Advisor’s S3 bucket permissions check. The post AWS Trusted Advisor Tricked Into Showing Unprotected S3 Buckets as Secure appeared first on SecurityWeek.


AWS has addressed a weakness that could have been leveraged by attackers to prevent AWS Trusted Advisor from flagging unprotected S3 buckets as a risk.

AWS Trusted Advisor is designed to analyze customers’ environments and provide recommendations for improvements in areas such as cost, performance, and security. Several security-related Trusted Advisor checks are provided for free, including security group settings, IAM user access, multi-factor authentication, and S3 bucket permissions.

The S3 bucket permissions check alerts users when their buckets have open access permissions or allow access to any authenticated AWS user. 

Researchers at Fog Security discovered that an attacker could get Trusted Advisor to not alert users about public buckets by setting the S3 bucket policies to deny ‘s3:GetBucketAcl’, ‘s3:GetPublicAccessBlock’ or ‘s3:GetBucketPolicyStatus’ actions. 

After bypassing Trusted Advisor’s S3 security check, the researchers showed how an attacker could have configured a bucket with public and anonymous permissions via bucket policies and ACLs, enabling data exfiltration without triggering an alert. 
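The bypass above has a simple signature in the bucket policy itself: a Deny on the actions Trusted Advisor needs, usually sitting next to an Allow for an anonymous principal. The following script, an added example that is not Fog Security's or AWS's code, scans bucket policy documents for both patterns so a defender can find them without relying on the Trusted Advisor check at all. The policy documents embedded in it are constructed for illustration; the bucket name `example-bucket` and the role ARN are placeholders. Conditions on Deny statements are not evaluated, so a conditional Deny (for example one enforcing TLS) is reported as a lower-confidence finding rather than silently skipped.

```python
"""Scan S3 bucket policy documents for Deny statements that blind Trusted
Advisor's bucket-permissions check and for Allow statements open to everyone.

Added example for this article (not Fog Security's or AWS's code).
The policy documents below are constructed samples.
"""
import fnmatch
import json

# Actions named in the article: a Deny covering any of these kept the bucket
# out of the Trusted Advisor check instead of producing a 'Warn' status.
VISIBILITY_ACTIONS = (
    "s3:GetBucketAcl",
    "s3:GetPublicAccessBlock",
    "s3:GetBucketPolicyStatus",
)


def _as_list(value):
    """Policy fields may be a scalar or a list; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    # IAM action matching is case-insensitive and supports * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _statement_covers(statement, action):
    """True if the statement's Action/NotAction applies to `action`."""
    if "Action" in statement:
        return any(_action_matches(p, action) for p in _as_list(statement["Action"]))
    if "NotAction" in statement:
        return not any(_action_matches(p, action) for p in _as_list(statement["NotAction"]))
    return False


def _principal_is_public(principal):
    """True for the anonymous principal "*" or {"AWS": "*"}."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        return "*" in _as_list(principal.get("AWS"))
    return False


def analyze_bucket_policy(policy_json):
    """Return a list of findings for one bucket policy (JSON string or dict).

    Each finding is a dict with 'sid', 'kind', 'actions' and 'conditional'.
    kind is 'blinds_trusted_advisor' for a Deny on a visibility action and
    'public_allow' for an Allow granted to the anonymous principal.
    """
    policy = json.loads(policy_json) if isinstance(policy_json, str) else policy_json
    findings = []
    for stmt in _as_list(policy.get("Statement")):
        sid = stmt.get("Sid", "<no Sid>")
        conditional = "Condition" in stmt  # conditions are not evaluated here
        if stmt.get("Effect") == "Deny":
            blocked = [a for a in VISIBILITY_ACTIONS if _statement_covers(stmt, a)]
            if blocked:
                findings.append({"sid": sid, "kind": "blinds_trusted_advisor",
                                 "actions": blocked, "conditional": conditional})
        elif stmt.get("Effect") == "Allow" and _principal_is_public(stmt.get("Principal")):
            findings.append({"sid": sid, "kind": "public_allow",
                             "actions": _as_list(stmt.get("Action")) or ["(NotAction)"],
                             "conditional": conditional})
    return findings


# Constructed sample: the pattern the article describes, a Deny that hides the
# bucket from the check beside a public read grant.
SUSPICIOUS_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "HideFromTA", "Effect": "Deny", "Principal": "*",
         "Action": ["s3:GetBucketAcl", "s3:GetPublicAccessBlock", "s3:GetBucketPolicyStatus"],
         "Resource": "arn:aws:s3:::example-bucket"},
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"},
    ],
})

# Constructed sample: the same blinding effect achieved with a wildcard action.
WILDCARD_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "DenyGets", "Effect": "Deny", "Principal": "*",
                   "Action": "s3:Get*", "Resource": "arn:aws:s3:::example-bucket"}],
})

# Constructed sample: a benign policy granting access to one role only.
BENIGN_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [{"Sid": "AppRead", "Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::123456789012:role/placeholder-app-role"},
                   "Action": "s3:GetObject", "Resource": "arn:aws:s3:::example-bucket/*"}],
})

if __name__ == "__main__":
    for name, doc in (("suspicious", SUSPICIOUS_POLICY), ("wildcard", WILDCARD_POLICY),
                      ("benign", BENIGN_POLICY)):
        print(name, json.dumps(analyze_bucket_policy(doc)))
```

In a live account the document string to feed `analyze_bucket_policy` comes from the S3 API (for boto3, the `Policy` field returned by `get_bucket_policy`); a bucket with no policy raises a `NoSuchBucketPolicy` error and can be skipped. Any `blinds_trusted_advisor` finding with `conditional` set to `False` deserves a manual look, since there is little legitimate reason to deny those three read-only actions to everyone.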

It’s worth noting that an attacker would need to first gain access to the target’s AWS environment before carrying out these actions. 

Fog Security reported its findings to AWS in early May. An incomplete patch was deployed in late May, and a comprehensive fix was rolled out in late June.

AWS has notified customers about the issue and pointed them to documentation pages covering S3 bucket permissions and blocking public access to S3 storage.

“As a security best practice, we recommend customers review their S3 bucket permissions and ensure they align with their security requirements,” an AWS spokesperson told SecurityWeek. “When S3 bucket policies prevent Trusted Advisor from performing certain actions […], customers should expect to see a ‘Warn’ status in their Trusted Advisor check. Previously, these buckets were incorrectly listed as ignored and potentially displayed incorrect status indicators for public access settings.”

Related: Vendors Unveil New Cloud Security Products, Features at AWS re:Invent 2024

Related: Compromised AWS Keys Abused in Codefinger Ransomware Attacks

Related: Vulnerability Allowed Takeover of AWS Apache Airflow Service
