Source |
Schneier on Security |
Identifier |
8648193 |
Publication date |
2025-02-12 12:09:24 (seen: 2025-02-12 13:07:55) |
Title |
Delivering Malware Through Abandoned Amazon S3 Buckets |
Text |
Here’s a supply-chain attack just waiting to happen. A group of researchers searched for, and then registered, abandoned Amazon S3 buckets for about $400. These buckets contained software libraries that are still used. Presumably the projects don’t realize that they have been abandoned, and still ping them for patches, updates, etc.
The TL;DR is that this time, we ended up discovering ~150 Amazon S3 buckets that had previously been used across commercial and open source software products, governments, and infrastructure deployment/update pipelines—and then abandoned...
|
Notes |
★★★
|
Sent |
Yes |
Tags |
Malware
Commercial
|