This week's articles
Locked Out, Dropboxed In: When BEC threats innovate
Between January and February 2025, an opportunistic Business Email Compromise (BEC) threat actor carried out an Adversary-In-The-Middle (AiTM) attack against a professional services organization.
#attack
#defend
#saas
Abusing AWS Serverless Image Handler
The AWS solution "Dynamic Image Transformation for Amazon CloudFront", previously known as "AWS Serverless Image Handler", contains a configuration weakness where the role associated with the Lambda does not constrain which buckets can be accessed. The environment variable can be set to a wildcard allowing access to any bucket.
#attack
#aws
|