Amazon has patched five vulnerabilities in its AWS Encryption Client, including a CBC padding oracle flaw.
The new AWS IMDSv2 security feature mitigates common attacks that take advantage of SSRF, open WAFs, and open layer 3 firewalls.
Amazon S3 buckets aren't the only data repositories that can leak data because of the organization's configuration errors. Other cloud services on the AWS platform are often found accessible by anyone on the Internet.
The exposure of SSH keys to public websites or code repositories can result in unauthorized admin access to your servers and systems.
There have been countless examples of misconfigured access to Amazon S3 buckets containing massive amounts of sensitive data - here’s how you can configure granular access policies and use MFA to protect your data in the cloud.