All news with #aws s3 tag
Wed, October 8, 2025
Crimson Collective Targets AWS Cloud Instances for Theft
🔒 Researchers report the 'Crimson Collective' has been targeting long-term AWS credentials and IAM users to steal data and extort companies. Using open-source tools such as TruffleHog, the attackers locate exposed AWS access keys, create new IAM users and access keys for persistence, then escalate privileges by attaching the AdministratorAccess managed policy. They snapshot RDS databases and EBS volumes, export the data to S3, and send extortion notices through AWS SES. Rapid7 urges organisations to audit their long-term keys, enforce least privilege, and scan for exposed secrets.
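Every step of the chain above leaves a CloudTrail management event, which makes it a good detection candidate. The following Python is an added example, not Rapid7's tooling or code from the page: it reads CloudTrail records, ties activity of a newly created IAM user back to the principal that created it, and reports principals that escalate to AdministratorAccess and then snapshot, share, export or mail. The CloudTrail field names are the real ones; the records, account ID and user names are constructed for the example.

```python
"""Flag the IAM-abuse chain from the Crimson Collective report in CloudTrail records.

Added example; not Rapid7's tooling and not code from the page. CloudTrail field names
(eventTime, eventSource, eventName, userIdentity.arn, requestParameters.policyArn /
valuesToAdd / createVolumePermission, responseElements.user.arn) are the real ones; the
sample records are constructed. For live data, pass a log file's "Records" array to analyze().
"""
from collections import defaultdict

ADMIN_POLICY = "arn:aws:iam::aws:policy/AdministratorAccess"

# eventName -> "phase:stage", following the order of the reported chain.
STAGES = {
    "CreateUser": "persistence:new_iam_user",
    "CreateAccessKey": "persistence:new_access_key",
    "AttachUserPolicy": "privesc:admin_policy_attached",
    "CreateDBSnapshot": "collection:rds_snapshot",
    "CreateSnapshot": "collection:ebs_snapshot",
    "ModifyDBSnapshotAttribute": "exfil:rds_snapshot_shared",
    "ModifySnapshotAttribute": "exfil:ebs_snapshot_shared",
    "StartExportTask": "exfil:rds_snapshot_exported_to_s3",
    # SendEmail is only present if your trail records SES sending calls; treat as a bonus signal.
    "SendEmail": "impact:ses_mail_sent",
}


def actor_of(record):
    ident = record.get("userIdentity") or {}
    return ident.get("arn") or "account:" + str(ident.get("accountId", "unknown"))


def stage_of(record):
    """Map one record to a chain stage, or None for variants that are not interesting."""
    name = record["eventName"]
    params = record.get("requestParameters") or {}
    if name == "AttachUserPolicy":
        return STAGES[name] if params.get("policyArn") == ADMIN_POLICY else None
    if name == "ModifyDBSnapshotAttribute":  # sharing adds account IDs (or "all") to "restore"
        return STAGES[name] if params.get("valuesToAdd") else None
    if name == "ModifySnapshotAttribute":  # sharing adds userId entries under createVolumePermission.add
        return STAGES[name] if (params.get("createVolumePermission") or {}).get("add") else None
    if name == "SendEmail":
        return STAGES[name] if record.get("eventSource", "").startswith("ses") else None
    return STAGES.get(name)


def analyze(records):
    """Return {actor_arn: finding}. Activity of a user created inside the window is attributed
    to whoever created it, so the leaked key that started the chain is what gets reported."""
    per_actor = defaultdict(list)
    created_by = {}  # ARN of a newly created user -> the actor that created it
    for rec in sorted(records, key=lambda r: r["eventTime"]):
        actor = created_by.get(actor_of(rec), actor_of(rec))
        stage = stage_of(rec)
        if stage:
            per_actor[actor].append((rec["eventTime"], rec["eventName"], stage))
        if rec["eventName"] == "CreateUser":
            new_arn = ((rec.get("responseElements") or {}).get("user") or {}).get("arn")
            if new_arn:
                created_by[new_arn] = actor
    findings = {}
    for actor, seq in per_actor.items():
        phases = {stage.split(":")[0] for _, _, stage in seq}
        if "privesc" in phases and phases & {"collection", "exfil", "impact"}:
            severity = "high"
        elif "privesc" in phases:
            severity = "medium"
        else:
            continue  # user or key creation alone is routine; require the escalation step
        findings[actor] = {"severity": severity, "phases": sorted(phases),
                           "timeline": [(t, n) for t, n, _ in seq]}
    return findings


# Constructed sample: a leaked CI key creates "backup-svc", makes it admin, and the new user
# snapshots and shares a database, then sends mail. A legitimate admin attaches ReadOnlyAccess.
ACCT = "111122223333"
LEAKED_KEY_USER = f"arn:aws:iam::{ACCT}:user/ci-deploy"
ROGUE_USER = f"arn:aws:iam::{ACCT}:user/backup-svc"
LEGIT_ADMIN = f"arn:aws:iam::{ACCT}:user/alice"


def _rec(time, source, name, actor, params=None, response=None):
    return {"eventTime": time, "eventSource": source, "eventName": name,
            "userIdentity": {"type": "IAMUser", "arn": actor, "accountId": ACCT},
            "requestParameters": params, "responseElements": response}


SAMPLE_RECORDS = [
    _rec("2025-10-01T02:10:00Z", "iam.amazonaws.com", "CreateUser", LEAKED_KEY_USER,
         {"userName": "backup-svc"}, {"user": {"arn": ROGUE_USER, "userName": "backup-svc"}}),
    _rec("2025-10-01T02:10:05Z", "iam.amazonaws.com", "CreateAccessKey", LEAKED_KEY_USER,
         {"userName": "backup-svc"}),
    _rec("2025-10-01T02:10:09Z", "iam.amazonaws.com", "AttachUserPolicy", LEAKED_KEY_USER,
         {"userName": "backup-svc", "policyArn": ADMIN_POLICY}),
    _rec("2025-10-01T02:31:00Z", "rds.amazonaws.com", "CreateDBSnapshot", ROGUE_USER,
         {"dBInstanceIdentifier": "prod-customers", "dBSnapshotIdentifier": "tmp-1"}),
    _rec("2025-10-01T02:45:00Z", "rds.amazonaws.com", "ModifyDBSnapshotAttribute", ROGUE_USER,
         {"dBSnapshotIdentifier": "tmp-1", "attributeName": "restore", "valuesToAdd": ["999988887777"]}),
    _rec("2025-10-01T03:02:00Z", "ses.amazonaws.com", "SendEmail", ROGUE_USER,
         {"destination": {"toAddresses": ["security@example.com"]}}),
    _rec("2025-10-01T09:00:00Z", "iam.amazonaws.com", "AttachUserPolicy", LEGIT_ADMIN,
         {"userName": "bob", "policyArn": "arn:aws:iam::aws:policy/ReadOnlyAccess"}),
]

if __name__ == "__main__":
    for actor, finding in analyze(SAMPLE_RECORDS).items():
        print(actor, finding["severity"], finding["phases"])
```

Run against the sample, only the ci-deploy principal is reported (severity high, all five phases), because the rogue user's later activity is folded back onto the key that created it; alice's read-only policy attachment is ignored. In production the same logic fits an Athena query over the CloudTrail Lake or an EventBridge rule per stage, with the correlation kept in a short sliding window.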
Wed, October 1, 2025
SageMaker Unified Studio adds SSO for Spark sessions
🔐 Amazon SageMaker Unified Studio now supports corporate identities for interactive Apache Spark sessions using AWS Identity Center trusted identity propagation. Data engineers and scientists can sign on to JupyterLab Spark sessions with organizational credentials while administrators apply fine-grained access controls and maintain end-to-end data access traceability. The integration leverages AWS Lake Formation, Amazon S3 Access Grants, and Amazon Redshift Data APIs, and includes comprehensive AWS CloudTrail logging for interactive and background sessions to streamline compliance.
Fri, September 26, 2025
Public S3 Bucket Exposes 273k Indian Bank Transfers
🔓 UpGuard discovered a publicly accessible Amazon S3 bucket containing over 273,000 PDFs documenting individual bank transfers in India, many with unredacted account numbers, amounts, and personal contact details. Aye Finance was disproportionately represented in the sample, and researchers observed roughly 3,000 new files added daily before the bucket was secured following notifications to AyeFin, NPCI, and CERT‑IN. The exposure poses an immediate risk of large‑scale fraud and targeted abuse across dozens of banks.
Fri, September 26, 2025
Mass Exposure of Indian Bank NACH Transfer PDFs Repository
🔓 UpGuard discovered a publicly accessible Amazon S3 bucket containing roughly 273,160 PDF documents formatted as NACH MANDATE records that documented bank transfers in India. The files exposed unredacted bank account numbers, transaction amounts and, in many cases, individuals’ names, phone numbers and email addresses. A 55K-file sample (~42 GB) showed 38 financial institutions represented, with AyeFin appearing in nearly 60% of sampled records. UpGuard notified AyeFin and NPCI, escalated to CERT‑IN when the bucket continued to grow, and verified the repository was secured on September 4.
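A bucket ends up world-readable through one of two paths: a policy that allows an anonymous principal, or a legacy ACL granting the AllUsers group, with S3 Block Public Access as the backstop that neutralises both. The Python below is an added example, not UpGuard's code, and says nothing about how the reported bucket was actually configured, which the report does not publish. It evaluates the three inputs the way the S3 APIs return them (GetBucketPolicy, GetBucketAcl, GetPublicAccessBlock); the bucket name, policies and ACL are constructed.

```python
"""Decide whether an S3 bucket is readable by anyone from its policy, ACL and
Block Public Access settings.

Added example; not UpGuard's code, and the exposed bucket's real configuration is not
published. Input shapes follow GetBucketPolicy (policy JSON), GetBucketAcl ("Grants") and
GetPublicAccessBlock ("PublicAccessBlockConfiguration"); samples are constructed.
"""
import json
from fnmatch import fnmatchcase

PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}
# Condition keys that AWS treats as narrowing a "*" principal to a non-public audience.
NARROWING_KEYS = {"aws:sourceip", "aws:sourcevpc", "aws:sourcevpce", "aws:principalorgid",
                  "aws:principalaccount", "aws:principalarn", "aws:sourcearn", "aws:userid"}
BPA_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_wildcard_principal(principal):
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def _condition_narrows(condition):
    keys = {key.lower() for operator in (condition or {}).values() for key in operator}
    return bool(keys & NARROWING_KEYS)


def public_read_statements(policy):
    """Sids of Allow statements that let an anonymous principal read objects or list the bucket."""
    doc = json.loads(policy) if isinstance(policy, str) else policy
    hits = []
    for st in _as_list(doc.get("Statement", [])):
        if st.get("Effect") != "Allow" or not _is_wildcard_principal(st.get("Principal")):
            continue
        patterns = [a.lower() for a in _as_list(st.get("Action", []))]
        reads = any(fnmatchcase(want, pattern) for pattern in patterns
                    for want in ("s3:getobject", "s3:listbucket"))
        if reads and not _condition_narrows(st.get("Condition")):
            hits.append(st.get("Sid", "<no Sid>"))
    return hits


def public_acl_grants(acl):
    """Permissions the ACL grants to the AllUsers / AuthenticatedUsers groups."""
    return [g["Permission"] for g in acl.get("Grants", [])
            if g.get("Grantee", {}).get("Type") == "Group"
            and g["Grantee"].get("URI") in PUBLIC_GROUPS]


def bucket_exposure(policy, acl, bpa):
    """Combine the three sources. RestrictPublicBuckets neutralises an existing public policy and
    IgnorePublicAcls an existing public ACL; the two Block* flags only stop new ones being set."""
    via_policy = public_read_statements(policy) if policy else []
    via_acl = public_acl_grants(acl) if acl else []
    bpa = bpa or {}
    policy_live = bool(via_policy) and not bpa.get("RestrictPublicBuckets", False)
    acl_live = bool(via_acl) and not bpa.get("IgnorePublicAcls", False)
    return {"public": policy_live or acl_live, "via_policy": via_policy, "via_acl": via_acl,
            "bpa_gaps": [flag for flag in BPA_FLAGS if not bpa.get(flag, False)]}


# Constructed samples; "mandate-pdfs" is an invented bucket name.
OPEN_POLICY = {"Version": "2012-10-17", "Statement": [{"Sid": "PublicRead", "Effect": "Allow",
    "Principal": "*", "Action": "s3:GetObject", "Resource": "arn:aws:s3:::mandate-pdfs/*"}]}
VPCE_ONLY_POLICY = {"Version": "2012-10-17", "Statement": [{"Sid": "FromVpce", "Effect": "Allow",
    "Principal": {"AWS": "*"}, "Action": ["s3:GetObject"], "Resource": "arn:aws:s3:::mandate-pdfs/*",
    "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}}]}
PUBLIC_READ_ACL = {"Grants": [{"Grantee": {"Type": "Group",
    "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}, "Permission": "READ"}]}
NO_BPA = dict.fromkeys(BPA_FLAGS, False)
FULL_BPA = dict.fromkeys(BPA_FLAGS, True)

if __name__ == "__main__":
    print(bucket_exposure(OPEN_POLICY, None, NO_BPA))
    print(bucket_exposure(OPEN_POLICY, None, FULL_BPA))
    print(bucket_exposure(VPCE_ONLY_POLICY, PUBLIC_READ_ACL, NO_BPA))
```

The same open policy is reported as live exposure with Block Public Access off and as neutralised with all four flags on, which is why turning on the account-level setting is the first move when a bucket like this is found; the `bpa_gaps` list is what to hand to the owning team. Run it from a policy-as-code gate in CI against `aws s3api get-bucket-policy` output and it stops the misconfiguration before deployment rather than after a researcher's notification.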
Thu, September 25, 2025
Preview Amazon S3 Tables Directly in the S3 Console
🔍 You can now preview Amazon S3 Tables directly in the S3 console without writing SQL. The console preview displays table schema, column types, and sample rows so you can quickly inspect structure and key data points without additional setup. Previews are available in all AWS Regions where S3 Tables are offered. You are charged only for the S3 requests used to read the sampled rows; consult S3 pricing and the S3 User Guide for details.
Wed, September 24, 2025
Amazon Route 53 Resolver Query Logging Now in NZ Region
🛰️ Amazon Route 53 Resolver Query Logging is now available in Asia Pacific (New Zealand). You can log DNS queries originating in VPCs to capture queried domain names, the AWS resources that issued the queries (including source IP and instance ID), and the responses received. Logs can be delivered to Amazon S3, CloudWatch Logs, or Amazon Data Firehose, and query logging configurations may be shared across accounts via AWS RAM. There is no additional Route 53 charge for enabling query logging, though storage and ingestion on the chosen destination may incur costs.
Tue, September 23, 2025
Defense-in-Depth: Building an AWS Control Framework
🔒 This post outlines a practical, layered approach to reduce risk in AWS by moving beyond detective-only controls to a comprehensive defense‑in‑depth control framework. It recommends combining preventative, proactive, detective, and responsive controls across the resource lifecycle and illustrates how AWS services such as AWS Control Tower, AWS Organizations, Security Hub, and AWS Config enable that strategy. The guidance covers concrete patterns—from SCPs, RCPs and policy‑as‑code in CI/CD to automated remediation via Lambda and Systems Manager—to scale governance, reduce findings, and shorten remediation time.
Mon, September 22, 2025
Automating Security Hub Exceptions with Business Context
🔒 This post describes an automated approach to validate and document exceptions to AWS Security Hub findings, enabling security teams to enforce governance while developers request and implement compensating controls. The solution leverages EventBridge, SQS, Lambda, and DynamoDB to validate controls, collect evidence, and maintain an immutable audit trail. It preserves segregation of duties, supports multiple validation types, and includes deployment scripts and CloudFormation templates. The authors emphasize the reference architecture is a starting point and must be reviewed and adapted before production use.
Thu, September 18, 2025
Source-of-Truth Authorization for RAG Knowledge Bases
🔒 This post presents an architecture to enforce strong, source-of-truth authorization for Retrieval-Augmented Generation (RAG) knowledge bases using Amazon S3 Access Grants with Amazon Bedrock. It explains why vector DB metadata filtering is insufficient—permission changes can be delayed and complex identity memberships are hard to represent—and recommends validating permissions at the data source before returning chunks to an LLM. The blog includes a practical Python walkthrough for exchanging identity tokens, retrieving caller grant scopes, filtering returned chunks, and logging withheld items to reduce the risk of sensitive data leaking into LLM prompts.
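The core of the approach is a gate between retrieval and prompt assembly: every chunk is checked against the caller's grants at the S3 source of truth, and anything not covered is dropped and recorded. The Python below is an added example, not the walkthrough from the AWS post. It stands in for two real calls, s3control ListCallerAccessGrants (which returns GrantScope strings for the caller's identity) and bedrock-agent-runtime Retrieve (whose results carry location.s3Location.uri); both results are constructed so the check runs offline, and the scope-matching rules in scope_covers are this example's reading of the documented scope forms, which you should verify against your own grants.

```python
"""Enforce S3 Access Grants scopes on retrieved RAG chunks before they reach the model.

Added example; not the AWS post's code. The grant scopes and retrieved chunks below are
constructed in the shapes ListCallerAccessGrants and Retrieve return. Scope matching
(whole bucket, trailing-* prefix, exact object) is an assumption to confirm against real grants.
"""
import logging
from urllib.parse import urlparse

log = logging.getLogger("rag-authz")


def scope_covers(scope, uri):
    """Whether one grant scope covers an object URI.
    Forms handled: whole bucket ("s3://b" or "s3://b/"), prefix ("s3://b/prefix*"),
    single object ("s3://b/key")."""
    if scope.endswith("*"):
        return uri.startswith(scope[:-1])
    if scope.rstrip("/") == "s3://" + urlparse(uri).netloc:
        return True
    return uri == scope


def authorize_chunks(chunks, grant_scopes):
    """Return (allowed_chunks, withheld_uris). Withheld items are logged by URI only, never
    by content, so the audit trail cannot itself become a leak."""
    allowed, withheld = [], []
    for chunk in chunks:
        uri = chunk["location"]["s3Location"]["uri"]
        if any(scope_covers(scope, uri) for scope in grant_scopes):
            allowed.append(chunk)
        else:
            withheld.append(uri)
            log.warning("withheld chunk from %s: no Access Grant covers it", uri)
    return allowed, withheld


def build_context(allowed):
    """Concatenate only authorised text for the prompt, citing the source of each chunk."""
    return "\n\n".join(f"[{c['location']['s3Location']['uri']}]\n{c['content']['text']}"
                       for c in allowed)


def _chunk(uri, text):
    return {"content": {"text": text}, "location": {"type": "S3", "s3Location": {"uri": uri}}}


# Constructed: what ListCallerAccessGrants might return for an HR analyst's identity.
CALLER_SCOPES = ["s3://corp-kb/hr/*", "s3://corp-kb/public/handbook.pdf"]

# Constructed: what Retrieve might return for a query, before authorisation.
RETRIEVED = [
    _chunk("s3://corp-kb/hr/leave-policy.pdf", "Employees accrue 1.5 days of leave per month."),
    _chunk("s3://corp-kb/public/handbook.pdf", "Welcome to the company handbook."),
    _chunk("s3://corp-kb/finance/q3-forecast.pdf", "Q3 revenue forecast revised down 12%."),
    _chunk("s3://corp-kb/hr-archive/2019-salaries.pdf", "Salary bands, 2019."),  # prefix boundary
    _chunk("s3://other-bucket/hr/notes.pdf", "Notes from another bucket."),
]

if __name__ == "__main__":
    logging.basicConfig(level=logging.WARNING)
    allowed, withheld = authorize_chunks(RETRIEVED, CALLER_SCOPES)
    print(build_context(allowed))
    print("withheld:", withheld)
```

Two of the five chunks survive; the finance document, the lookalike `hr-archive/` prefix and the foreign bucket are withheld and logged by URI. Because the scopes come from the caller's current grants rather than from metadata copied into the vector index at ingestion time, a revoked grant takes effect on the next query, which is the gap in metadata filtering the post describes.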
Thu, September 18, 2025
Step Functions: Data Sources and Metrics for Distributed Map
⚙️ AWS Step Functions now expands Distributed Map input sources and adds visibility metrics. Distributed Map can now iterate S3 objects via S3ListObjectsV2, read AWS Athena data manifests and Parquet files directly, and extract arrays from JSON stored in S3 or passed as state input. New observability metrics — Approximate Open Map Runs Count, Open Map Run Limit, and Approximate Map Runs Backlog Size — provide operational insight. These features are available in all commercial AWS Regions; enable Distributed Map mode in the Step Functions console and consult the developer guide for examples.
Tue, September 16, 2025
AWS Transfer Family Now Available in Taipei Region
🚀 AWS announced that AWS Transfer Family is now available in the Asia Pacific (Taipei) Region, supporting SFTP, FTP, FTPS and AS2 for managed file transfers. The service delivers fully managed ingress and egress to Amazon S3 and Amazon EFS, and integrates with event-driven automation to streamline file-processing workflows. This regional availability helps customers modernize and migrate business-to-business file exchanges to AWS while reducing operational overhead.
Mon, September 15, 2025
Amazon S3 Batch Operations: Manage Objects by Bucket
📦 Amazon S3 Batch Operations now allows users to target all objects within an S3 bucket, or refine selection by prefix, suffix, creation date, or storage class directly from the AWS Management Console. Instead of providing a manifest, customers can specify these filters when creating a job and S3 will apply the chosen operation to every matching object and produce a detailed completion report. Typical use cases include copying between buckets, restoring archived data from Glacier classes, and computing checksums for datasets. The capability is available in all AWS Regions and can also be accessed via the AWS CLI or SDK.
Mon, September 15, 2025
Amazon GuardDuty Protection Plans and Threat Detection
🔐 Amazon GuardDuty centralizes continuous threat detection across AWS using AI/ML and integrated threat intelligence. It offers optional protection plans—S3, EKS, Runtime Monitoring, Malware Protection for EC2 and S3, RDS, and Lambda—that extend detections to service-specific telemetry and runtime behaviors. Built-in Extended Threat Detection correlates signals into high-confidence attack sequences and maps findings to MITRE ATT&CK, providing prioritized remediation guidance.
Fri, September 12, 2025
Amazon GuardDuty S3 Malware Scanning Now Handles Larger Files
🛡️ AWS has raised the scanning limits of GuardDuty Malware Protection for S3: the maximum object size goes from 5 GB to 100 GB, and archives may now contain up to 10,000 files (previously 1,000). The new limits apply automatically in all supported AWS Regions, so large objects and dense archives uploaded to S3 can be scanned before downstream workloads and processes consume them.
Wed, September 10, 2025
KillSec Ransomware Disrupts Brazilian Healthcare IT
🔒 A ransomware incident attributed to KillSec has disrupted MedicSolution, a Brazilian healthcare IT vendor, after attackers claimed to have exfiltrated more than 34 GB of data (94,818 files). Resecurity reports the haul includes medical evaluations, lab results, X‑rays and unredacted patient photos, and says the data was exposed through misconfigured AWS cloud buckets. MedicSolution has not publicly responded; regulators and affected providers face notification and remediation challenges.
Wed, September 10, 2025
CloudWatch Flow Monitors Extend Cross-Region Visibility
🔍 With this update, Amazon CloudWatch Network Monitoring flow monitors can observe traffic between AWS Regions over the AWS global network. Flow monitors deliver near real-time metrics for compute instances such as Amazon EC2 and Amazon EKS, and for services like Amazon S3 and Amazon DynamoDB, to help detect and attribute network-driven impairments. The network health indicator now captures cross-Region path health including visibility into remote public IPs and private traffic over VPC and Transit Gateway peering.
Tue, September 9, 2025
Amazon Redshift Serverless Available in Milan, Cape Town
🚀 Amazon Redshift Serverless is now generally available in the AWS Europe (Milan) and Africa (Cape Town) regions. With Redshift Serverless, users—data analysts, developers, and data scientists—can run analytics without provisioning or managing clusters, benefiting from automatic provisioning, intelligent scaling, and per-second compute billing. You can query data via Query Editor V2 or existing BI tools, load data from Amazon S3 (including Apache Parquet), use Redshift data shares, restore provisioned snapshots, and take advantage of unified billing for queries across these sources.
Mon, September 8, 2025
Managed Tiered Checkpointing for Amazon SageMaker HyperPod
⚡ Amazon Web Services has announced general availability of managed tiered checkpointing for Amazon SageMaker HyperPod, a hybrid checkpointing capability that caches frequent checkpoints in CPU memory and periodically persists them to Amazon S3 for durability. The approach reduces model recovery time and minimizes training progress loss on large-scale clusters. It integrates with PyTorch Distributed Checkpoint (DCP) and is enabled via a CreateCluster/UpdateCluster API parameter; customers can use the sagemaker-checkpointing Python library to adopt it with minimal code changes. Currently available for HyperPod clusters using the EKS orchestrator.
Mon, September 8, 2025
Four-Step EASM Framework to Reduce External Cyber Risk
🔍 External Attack Surface Management (EASM) requires a continuous, automated approach to discover internet-facing assets, detect vulnerabilities and prioritize remediation. The article outlines a practical four-step process — identify and classify assets, risk detection, risk assessment, and prioritization and remediation — to reduce external cyber risk. A real-world Jenkins misconfiguration illustrates how shadow IT and configuration changes can expose sensitive data, and why centralized, recurrent EASM platforms that integrate with existing workflows and provide actionable guidance are essential. Effective defense combines fast MTTD from tools with responsive teams to achieve timely MTTR.
Tue, September 2, 2025
AWS Deadline Cloud automates job output downloads at scale
🔁 The AWS Deadline Cloud client now includes a command to automatically download outputs for completed jobs from a specified queue. The command detects output files that Deadline Cloud has stored in Amazon S3 and restores them to the local paths defined during job creation. It can be scheduled with cron or Task Scheduler to run periodically, enabling unattended retrieval for final review and delivery.