Friday, November 1, 2024

New AWS Security Feature To Stop Accidental S3 Public Exposure


Amazon introduced the S3 Block Public Access feature, a new level of protection that makes it possible to block public access for newly created as well as existing buckets and objects.

The feature works at the account level as well as on individual buckets. It is accessible from the S3 console, the CLI, the S3 APIs, and from within CloudFormation templates.

S3 Block Public Access

Starting now, AWS account and bucket owners will have four new options for managing public ACLs and two for managing public bucket function, and these functions can also be accessed through the APIs.
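Because the feature applies at both the account level and the bucket level, an audit has to combine the two before deciding whether a bucket is covered. The following is an added example, not code from the article or from AWS: it assumes the four setting names used by the S3 PublicAccessBlock API (not named in this article) and uses constructed bucket names and settings.

```python
"""Audit S3 Block Public Access coverage across account and bucket levels."""

# The four setting names used by the S3 PublicAccessBlock API.
FLAGS = ("BlockPublicAcls", "IgnorePublicAcls",
         "BlockPublicPolicy", "RestrictPublicBuckets")


def effective_config(account_cfg, bucket_cfg):
    """S3 applies the most restrictive combination of the two levels, so a
    setting is in effect if either level enables it. None means that no
    configuration exists at that level (all four settings off)."""
    account_cfg = account_cfg or {}
    bucket_cfg = bucket_cfg or {}
    return {f: bool(account_cfg.get(f)) or bool(bucket_cfg.get(f))
            for f in FLAGS}


def audit(account_cfg, buckets):
    """Return {bucket_name: [settings not enforced]} for buckets with gaps."""
    findings = {}
    for name, cfg in sorted(buckets.items()):
        eff = effective_config(account_cfg, cfg)
        missing = [f for f in FLAGS if not eff[f]]
        if missing:
            findings[name] = missing
    return findings


# Constructed sample data, shaped like the PublicAccessBlockConfiguration
# dicts returned by boto3's get_public_access_block calls.
SAMPLE_ACCOUNT = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
                  "BlockPublicPolicy": False, "RestrictPublicBuckets": False}
SAMPLE_BUCKETS = {
    "example-logs": {f: True for f in FLAGS},   # fully locked down
    "example-website": None,                    # no bucket-level config
    "example-backups": {"BlockPublicAcls": False, "IgnorePublicAcls": False,
                        "BlockPublicPolicy": True,
                        "RestrictPublicBuckets": False},
}

if __name__ == "__main__":
    for bucket, missing in audit(SAMPLE_ACCOUNT, SAMPLE_BUCKETS).items():
        print(f"{bucket}: not enforced -> {', '.join(missing)}")
```
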


“We want to make sure that you use public buckets and objects as needed while giving you tools to make sure that you don’t make them publicly accessible due to a simple mistake or misunderstanding,” reads Amazon blog post.

AWS misconfiguration causes major issues: because of misconfiguration, a number of companies have exposed data publicly.

Starting last November, Amazon brought up a Public indicator that shows which buckets are public and which are not public.

Amazon S3 is object storage built to store and retrieve any amount of data from anywhere – websites and mobile apps, corporate applications, and data from IoT sensors or devices.

We have heard about a number of Amazon bucket data exposures in which companies exposed sensitive data publicly. One of the recent exposures was a web bucket belonging to the ISP Pocket iNet, with around 73 gigabytes of data exposed.

Last August, GoDaddy leaked 18 million customer records with over 76M domain names. The exposed data includes information such as hostname, operating system, workload, AWS region, memory and CPU specs, and more.

Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.
