All news with #aws tag

Amazon Engineer Exposed Credentials via Public GitHub Repo

🔒 UpGuard discovered a public GitHub repository on 13 January 2020 containing an Amazon Web Services engineer’s personal identity documents and numerous system credentials. The repository included AWS key pairs (including a file named rootkey.csv), API tokens, private keys, passwords, logs, and customer-related templates. UpGuard reported the exposure to AWS Security within hours and the repository was secured the same day. The incident highlights how rapid leak detection can prevent accidental disclosures from escalating.

Viacom Cloud Leak Exposes AWS Keys and Puppet Data

🔒 An UpGuard researcher discovered a publicly accessible Amazon S3 bucket exposing Viacom’s internal provisioning and cloud credentials. The archive—found under the subdomain "mcs-puppet"—contained seventy-two incremental .tgz backups with Puppet manifests, configuration files, GPG decryption keys and the AWS access key and secret. Viacom was notified on August 31, 2017 and the exposed buckets were secured within hours, preventing active compromise.

Amazon Engineer Exposed Credentials in Public GitHub Repo

⚠️ UpGuard identified on 13 January 2020 a public GitHub repository containing sensitive material tied to an Amazon Web Services engineer. The repo, roughly 954 MB when downloaded, included personal identity documents, bank statements, log files, AWS key pairs (including a file labeled rootkey.csv), private keys, passwords and third-party API tokens. UpGuard analysts detected the exposure within half an hour, notified AWS Security early that afternoon, and the repository was taken out of public view the same day. Rapid detection and remediation appear to have prevented escalation; there is no evidence of malicious intent or end-user data compromise.

Public S3 Leak Exposed 1.86M Chicago Voter Records

🔓 UpGuard’s Cyber Risk Team discovered a publicly accessible AWS S3 repository tied to Election Systems & Software (ES&S) that contained multiple backups and a 12 GB MSSQL database. The data set included about 1.864 million Chicago voter records with names, addresses, dates of birth, phone numbers, driver’s license numbers and partial Social Security numbers. The bucket, labeled “chicagodb,” was found on August 11, 2017; ES&S was notified and the exposure was secured by August 12, 2017. This incident highlights vendor misconfiguration risk and the need for rigorous vendor risk management and configuration checks.

AWS Guide Updated for Australian Financial Regulations

🛡️ AWS published an updated AWS User Guide to Financial Services Regulations and Guidelines in Australia to reflect APRA’s Prudential Standard CPS 230 Operational Risk Management, effective 1 July 2025, and APRA’s February 2025 rescission of its 2018 cloud outsourcing information paper. The whitepaper is intended for APRA‑regulated institutions and is particularly useful for leadership, governance, security, risk, and compliance teams seeking to run workloads on AWS. It summarizes APRA expectations on operational risk management and information security and provides materials to begin due diligence and implement appropriate programs within a shared responsibility model. AWS will continue to publish updates through its Security Blog and Compliance resources and encourages customers to engage their AWS account managers for assistance.

Testing Post-Quantum TLS in Python with OpenSSL 3.5

🔐 AWS provides a containerized sample to test post-quantum hybrid TLS (PQ TLS) from Python by bundling OpenSSL 3.5 with a standard interpreter and common libraries. The sample demonstrates hybrid key exchange using ML-KEM alongside classical algorithms and includes examples for boto3/AWS CLI, requests, and low-level ssl sockets. It also shows how to capture traffic and confirm PQ negotiation in TLS handshakes.

AWS Security Incident Response: Accelerating IR Lifecycle

🛡️ AWS Security Incident Response is a Tier 1, AWS-native service launched in December 2024 to accelerate detection, triage, and containment of security incidents. It integrates with Amazon GuardDuty, AWS Security Hub, and AWS Systems Manager, supports partner integrations, and enables escalation to AWS CIRT. The service centralizes findings, automates monitoring and intelligent triage to reduce false positives, and offers prebuilt containment playbooks and APIs to compress MTTR and coordinate cross-account response.

New AWS Whitepaper: AICPA SOC 2 Compliance Guide on AWS

📘 AICPA SOC 2 Compliance Guide on AWS provides detailed, prescriptive guidance for cloud architects, security and compliance teams, and DevOps professionals to implement SOC 2–aligned controls using AWS services. The whitepaper maps Trust Services Criteria (Security, Availability, Processing Integrity, Confidentiality, Privacy) to AWS services and constructs and explains complementary user entity controls. It outlines strategies for evidence collection, documentation, and audit readiness and highlights automation best practices. The guide places controls within the AWS shared responsibility model and points to AWS Security Assurance Services for further assistance.

AWS releases SRA Verify: Open-source SRA assessment

🔍 SRA Verify is an open-source assessment tool from AWS that automates validation of an organization’s alignment to the AWS Security Reference Architecture (AWS SRA). It runs automated checks across multiple services to verify configurations and highlight deviations from recommended patterns. The tool links checks to remediation guidance and IaC examples to help teams implement fixes more quickly. It currently covers CloudTrail, GuardDuty, IAM Access Analyzer, Config, Security Hub, S3, Inspector, and Macie, with plans to expand.

CLOUD Act Explained: Provider Obligations and Protections

🔒 AWS clarifies five key points about the CLOUD Act, stressing it does not grant automatic or unfettered access to customer content and that U.S. law requires judicial process for compelled disclosures. AWS reports no disclosure of enterprise or government customer content stored outside the U.S. since 2020. The company notes the Act applies to any provider with a U.S. presence and aligns with international law, while technical controls like AWS Nitro and AWS KMS limit operator access.

Beyond IAM Access Keys: Modern AWS Authentication Approaches

🔐 This AWS Security Blog post explains why long-term IAM access keys introduce exposure and operational risk, and outlines practical, more secure alternatives. It recommends browser-based CloudShell for CLI access, IAM Identity Center (with AWS CLI v2 and MFA) and IDE integrations for developer workflows, and IAM roles for compute and CI/CD. The post also covers external access options, emphasizes temporary credentials, and urges the principle of least privilege.

AWS Completes 2024 CCAG Pooled Audit with EU Banks

🔒 AWS completed the 2024 pooled audit run by the Collaborative Cloud Audit Group (CCAG) with major European financial institutions. The multi‑phase engagement (February–December 2024) was grounded in the CSA Cloud Controls Matrix and aligned to IIA IPPF and ISACA ITAF benchmarks, with on‑site fieldwork at two AWS locations. Assessments covered data confidentiality and sovereignty, incident detection and response, privileged access controls, operational resilience, API security, supplier governance, interoperability and centralized compliance oversight.

Alteryx Cloud Leak Exposes Data on 123M Households

🔒 UpGuard discovered an Amazon S3 bucket at the subdomain 'alteryxdownload' that was misconfigured to allow any AWS 'Authenticated Users' to download its contents. The repository included Alteryx software and a 36 GB ConsumerView dataset from Experian containing 123 million household records and 248 fields. A separate file held public 2010 US Census data. Alteryx secured the bucket after notification, underscoring vendor and cloud configuration risk.

Pentagon Cloud Leak Exposes Billions of Scraped Posts Globally

🔒 UpGuard discovered three publicly accessible AWS S3 buckets—centcom-backup, centcom-archive, and pacom-archive—containing years of scraped internet content. The stores included at least 1.8 billion posts, Lucene search indexes, and developer configuration referencing VendorX, Outpost, and Coral. UpGuard notified the Defense Department, and access was subsequently secured.