Cybersecurity News in Asia

RECENT STORIES:

SEGA moves faster with flow-based network monitoring
Six-month snapshot of state-sponsored threats shows continued APT resi...
Cohesity Strengthens Resilience of Large, Mission-Critical MongoDB Wor...
Closing the gap in Zero Trust implementation: What you need to conside...
Solving data protection challenges in an era of cloud and AI
42Gears Launches SureIdP — Zero Trust Identity and Access Manage...
LOGIN REGISTER
CybersecAsia
  • Features
    • Featured

      Solving data protection challenges in an era of cloud and AI

      Solving data protection challenges in an era of cloud and AI

      Wednesday, June 18, 2025, 11:12 AM Asia/Singapore | Data Protection, Features
    • Featured

      Will your organization’s defenses be breached due to your suppliers’ weak cybersecurity?

      Will your organization’s defenses be breached due to your suppliers’ weak cybersecurity?

      Thursday, May 29, 2025, 5:04 PM Asia/Singapore | Features
    • Featured

      How the UAE proactively protects its digital economy

      How the UAE proactively protects its digital economy

      Monday, May 19, 2025, 2:16 PM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning

Select Page

LOGIN REGISTER
  • Features
    • Featured

      Solving data protection challenges in an era of cloud and AI

      Solving data protection challenges in an era of cloud and AI

      Wednesday, June 18, 2025, 11:12 AM Asia/Singapore | Data Protection, Features
    • Featured

      Will your organization’s defenses be breached due to your suppliers’ weak cybersecurity?

      Will your organization’s defenses be breached due to your suppliers’ weak cybersecurity?

      Thursday, May 29, 2025, 5:04 PM Asia/Singapore | Features
    • Featured

      How the UAE proactively protects its digital economy

      How the UAE proactively protects its digital economy

      Monday, May 19, 2025, 2:16 PM Asia/Singapore | Features
  • Opinions
  • Tips
  • Whitepapers
  • Awards 2025
  • Directory
  • E-Learning
News

What’s in a name? In AWS, it could spell six critical vulnerabilities

By CybersecAsia editors | Friday, August 16, 2024, 7:26 PM Asia/Singapore

What’s in a name? In AWS, it could spell six critical vulnerabilities

A logical flaw in S3 bucket-naming conventions could have allowed hackers to lay booby traps for organizations creating new buckets

Critical vulnerabilities in six Amazon Web Services have been disclosed by researchers from a cybersecurity firm.

The vulnerabilities were found in the following AWS services: CloudFormation, Glue, EMR, SageMaker, ServiceCatalog and CodeStar.

When any of these services are used in a new region for the first time, an S3 bucket is automatically created with a certain name. This name is divided into the name of the service of the AWS account ID (in most services mentioned above) and the name of the region. Thereby, across all AWS regions, the bucket name remains the same, differing only by the region name.

Researchers from Aqua Security have uncovered how attackers could discover the buckets’ names or guess predictable parts of the bucket name. Subsequently, using a method dubbed “Bucket Monopoly” the attackers can create buckets with these names in advance in all available regions (essentially performing a virtual landgrab), then store malicious code in the bucket. As S3 bucket names are unique across the provider’s platform, if a bucket has been “captured”, no one else can claim that bucket name thereafter.

The potential impacts include remote code execution and full-service user takeover, which could provide cybercriminals with the means to gain administrative access, manipulate AI modules; exfiltrate sensitive data, and launch denial-of-service attacks.

The firm had promptly disclosed its findings to the AWS security team, who had quickly acknowledged and fixed all the vulnerabilities.

According to the firm’s lead researcher, Yakir Kadkoda:  “When the targeted organization enables the service in a new region for the first time, the malicious code will be unknowingly executed, potentially resulting in the creation of an admin user in the targeted organization — granting control to the attackers.”

The firm has demonstrated how S3 can become a “shadow resource”, and how attackers can discover or guess bucket names and exploit them if the aforementioned critical vulnerability is not addressed.

Share:

PreviousBrunei’s Baiduri Bank leverages cloud authentication platform for corporate and consumer divisions
NextHave your organization’s Windows systems been patched yet?

Related Posts

Fighting fraud with AI authentication: FICO platform

Fighting fraud with AI authentication: FICO platform

Friday, November 8, 2019

More than half of attacks successfully infiltrate enterprise environments without detection: report

More than half of attacks successfully infiltrate enterprise environments without detection: report

Friday, May 8, 2020

Ransonware attack cripples computational software at the worst possible time: exams!

Ransonware attack cripples computational software at the worst possible time: exams!

Thursday, May 29, 2025

Interviews of 37 CEOs yields four cyber leadership mindsets worth noting

Interviews of 37 CEOs yields four cyber leadership mindsets worth noting

Monday, March 27, 2023

Leave a reply Cancel reply

You must be logged in to post a comment.

Voters-draw/RCA-Sponsors

Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
Slide
previous arrow
next arrow

CybersecAsia Voting Placement

Gamification listing or Participate Now

PARTICIPATE NOW

Vote Now -Placement(Google Ads)

Top-Sidebar-banner

Whitepapers

  • 2024 Insider Threat Report: Trends, Challenges, and Solutions

    2024 Insider Threat Report: Trends, Challenges, and Solutions

    Insider threats continue to be a major cybersecurity risk in 2024. Explore more insights on …Download Whitepaper
  • AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    AI-Powered Cyber Ops: Redefining Cloud Security for 2025

    The future of cybersecurity is a perfect storm: AI-driven attacks, cloud expansion, and the convergence …Download Whitepaper
  • Data Management in the Age of Cloud and AI

    Data Management in the Age of Cloud and AI

    In today’s Asia Pacific business environment, organizations are leaning on hybrid multi-cloud infrastructures and advanced …Download Whitepaper
  • Mitigating Ransomware Risks with GRC Automation

    Mitigating Ransomware Risks with GRC Automation

    In today’s landscape, ransomware attacks pose significant threats to organizations of all sizes, with increasing …Download Whitepaper

Middle-sidebar-banner

Case Studies

  • St Luke’s ElderCare enhances operations and capabilities through a centralized secure, scalable network

    St Luke’s ElderCare enhances operations and capabilities through a centralized secure, scalable network

    With only a small IT team, the digital transformation has united operations across 30 locations, …Read more
  • Automating border control and security with facial recognition technology

    Automating border control and security with facial recognition technology

    Indonesia Immigration & Seaport Authorities enhances security and speeds up border control queues at Batam …Read more
  • Securing wealth advisory services without unnecessary friction: Endowus

    Securing wealth advisory services without unnecessary friction: Endowus

    The wealth advisory platform demonstrates its non-negotiable commitment to a robust security posture through partnering …Read more
  • LifeTech group sets up next-gen security operations center in Malaysia

    LifeTech group sets up next-gen security operations center in Malaysia

    By partnering with a unified cybersecurity platform, the firm will be offering cost-effective advanced SOC …Read more

Bottom sidebar

  • Our Brands
  • DigiconAsia
  • MartechAsia
  • Home
  • About Us
  • Contact Us
  • Sitemap
  • Privacy & Cookies
  • Terms of Use
  • Advertising & Reprint Policy
  • Media Kit
  • Subscribe
  • Manage Subscriptions
  • Newsletter

Copyright © 2025 CybersecAsia All Rights Reserved.