
The Cyber Security News


Hundreds of Amazon RDS Snapshots Discovered Leaking Users’ Data

November 17, 2022

Hundreds of Amazon Relational Database Service (RDS) instances have been found exposed every month, with extensive leakage of personally identifiable information (PII).

The discovery was made by security researchers at Mitiga, who published a post about the findings on Wednesday.

The Platform-as-a-Service (PaaS) offering, first released by Amazon in 2009, provides a database platform based on several optional engines (e.g., MySQL, PostgreSQL, etc.).



When using the RDS service in AWS, users can create RDS snapshots to back up the entire database (DB) instance instead of individual databases.

Snapshots can then be shared across different AWS accounts, both internal and external to an organization. Public RDS snapshots, in particular, allow users to share public data or a template database with an application.

“With that, a person might unintentionally leak sensitive data to the world, even if you use a highly secure network configuration,” Mitiga wrote in the advisory.

Case in point: the company found several snapshots that had been shared publicly for a few hours, days and even months, either intentionally or by mistake.

“It is important to note that making a snapshot public, even for a very short amount of time, can have undesirable consequences. Our research shows how a threat actor might take advantage of snapshots that are shared for even a short timeframe,” Mitiga wrote in its advisory.
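A point-in-time audit misses snapshots that were public only briefly, so exposure windows like those described above are better reconstructed from CloudTrail. The following is an added example, not code from Mitiga or the original article: it pairs `ModifyDBSnapshotAttribute` and `ModifyDBClusterSnapshotAttribute` calls that add and later remove the value `all` on the `restore` attribute. The sample events and snapshot names are constructed, and the `requestParameters` key casing is an assumption.

```python
import json
from datetime import datetime

# Constructed CloudTrail records (not real data). The requestParameters key
# names are an assumption; keys are lower-cased below to tolerate casing.
SAMPLE_EVENTS = json.loads("""[
 {"eventTime": "2022-11-01T09:00:00Z", "eventSource": "rds.amazonaws.com",
  "eventName": "ModifyDBSnapshotAttribute",
  "requestParameters": {"dBSnapshotIdentifier": "orders-backup",
    "attributeName": "restore", "valuesToAdd": ["all"]}},
 {"eventTime": "2022-11-01T09:45:00Z", "eventSource": "rds.amazonaws.com",
  "eventName": "ModifyDBSnapshotAttribute",
  "requestParameters": {"dBSnapshotIdentifier": "orders-backup",
    "attributeName": "restore", "valuesToRemove": ["all"]}},
 {"eventTime": "2022-11-02T10:00:00Z", "eventSource": "rds.amazonaws.com",
  "eventName": "ModifyDBSnapshotAttribute",
  "requestParameters": {"dBSnapshotIdentifier": "template-db",
    "attributeName": "restore", "valuesToAdd": ["111122223333"]}},
 {"eventTime": "2022-11-03T12:00:00Z", "eventSource": "rds.amazonaws.com",
  "eventName": "ModifyDBClusterSnapshotAttribute",
  "requestParameters": {"dBClusterSnapshotIdentifier": "hr-cluster-snap",
    "attributeName": "restore", "valuesToAdd": ["all"]}}
]""")

SHARE_CALLS = {"ModifyDBSnapshotAttribute", "ModifyDBClusterSnapshotAttribute"}

def public_windows(events):
    """Return (snapshot, opened, closed or None, minutes or None) tuples."""
    parse = lambda s: datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")
    open_since, windows = {}, []
    for ev in sorted(events, key=lambda e: e["eventTime"]):
        if ev.get("eventName") not in SHARE_CALLS or ev.get("errorCode"):
            continue  # unrelated call, or a failed call that changed nothing
        p = {k.lower(): v for k, v in (ev.get("requestParameters") or {}).items()}
        if p.get("attributename") != "restore":
            continue
        snap = p.get("dbsnapshotidentifier") or p.get("dbclustersnapshotidentifier")
        when = parse(ev["eventTime"])
        if "all" in (p.get("valuestoadd") or []):
            open_since.setdefault(snap, when)  # "all" = any AWS account
        if "all" in (p.get("valuestoremove") or []) and snap in open_since:
            start = open_since.pop(snap)
            windows.append((snap, start, when, int((when - start).total_seconds() // 60)))
    # Snapshots never un-shared are still public: report them with no end time.
    return windows + [(s, t, None, None) for s, t in open_since.items()]
```

Sharing with a specific account ID, as in the `template-db` record, is not counted as public exposure; only the value `all` is.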

According to Erich Kron, security awareness advocate at KnowBe4, while cloud storage is convenient, it can also be difficult to secure for people unfamiliar with it.

“The ability to do snapshots and share them, while very practical, is something that can easily lead to issues that leave data exposed.”

The executive explained that while poorly configured permissions within an on-premise network are still a significant issue, the chance of a misconfiguration exposing data to millions of other people can be much lower.

“For organizations that store or process data within the cloud, policies need to be in place to ensure that information remains protected even after making changes,” Kron told Infosecurity.

“The practice of having a second person validate the permissions on data, while it can be inconvenient, can potentially save a lot of labor and the potential for fines, especially in heavily regulated industries.”

The Mitiga advisory comes two months after Snyk suggested 80% of organizations suffered a “serious” cloud security incident over the past year.


Some parts of this article are sourced from:
www.infosecurity-journal.com
