Bleeping Computer

How attackers abuse S3 Bucket Namesquatting — And How to Stop Them

With the sheer amount of data and users leveraging AWS, it’s easy for misconfigurations to slip through the cracks. One commonly overlooked area is the naming of S3 buckets. AWS S3 bucket names are ...
InfoWorld

Amazon S3 storage buckets set to ‘public’ are ripe for data-plundering

Using a combination of relatively low-tech techniques and tools, security researchers have discovered that they can access the contents of one in six Amazon Simple Storage Service (S3) buckets. Those ...
Ars Technica

AWS S3 storage bucket with unlucky name nearly cost developer $1,300

If you’re using Amazon Web Services and your S3 storage bucket can be reached from the open web, you’d do well not to pick a generic name for that space. Avoid “example,” skip “change_me,” don’t even ...
GIGAZINE

Empty S3 buckets cause AWS bills to explode, Amazon announces it will address the issue

As a proof of concept for a document indexing system he was building for a client, Pocwierz created a single S3 bucket in the AWS ' eu-west-1 ' region and uploaded several files for testing. After ...
TechSpot

Amazon S3 bucket with placeholder-like name leads to $1,300 in charges

Facepalm: Amazon S3 buckets, part of the Amazon Web Services infrastructure, are great for storing and managing huge amounts of data at scale, but they can also become a financial and security risk if ...
Dark Reading

Critical AWS Vulnerabilities Allow S3 Attack Bonanza

BLACK HAT USA – Las Vegas – Thursday, Aug. 8 – Six critical vulnerabilities in Amazon Web Services (AWS) could have allowed threat actors to target organizations with remote code execution (RCE), ...