Hosted on MSN

AWS systems targeted by crypto mining scam using hijacked IAM credentials

Attackers used stolen high‑privilege IAM credentials to rapidly deploy large‑scale cryptomining on EC2 and ECS They launched GPU‑heavy auto‑scaling groups, malicious Fargate containers, new IAM users, ...
Bleeping Computer

Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials

A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management ...
Dark Reading

More Attackers Are Logging In, Not Breaking In

Credential theft is now the primary way attackers gain initial access to enterprise networks, and the speed, scale, and sophistication with which they are weaponizing stolen credentials is outpacing ...