A retrospective on public cloud breaches of 2022, with Rami McCarthy and Houston Hopkins | Datadog Security Labs
Tags
Common Information
| Type | Value |
|---|---|
| UUID | 074feac9-e662-4356-8298-f2da61ead687 |
| Fingerprint | eb20cdca9d0e27cf |
| Analysis status | DONE |
| Considered CTI value | 1 |
| Text language | |
| Published | Dec. 21, 2022, midnight |
| Added to db | Aug. 13, 2023, 9:50 a.m. |
| Last updated | Nov. 17, 2024, 6:54 p.m. |
| Headline | A retrospective on public cloud breaches of 2022, with Rami McCarthy and Houston Hopkins |
| Title | A retrospective on public cloud breaches of 2022, with Rami McCarthy and Houston Hopkins | Datadog Security Labs |
| Detected Hints/Tags/Attributes | 75/2/110 |
Source URLs
URL Provider
RSS Feed
| Details | Id | Enabled | Feed title | Url | Added to db |
|---|---|---|---|---|---|
| Details | 230 | ✔ | Datadog Security Labs | https://securitylabs.datadoghq.com/rss/feed.xml | 2024-08-30 22:08 |
Attributes
| Details | Type | #Events | CTI | Value |
|---|---|---|---|---|
| Details | Domain | 35 | www.vice.com |
|
| Details | Domain | 73 | techcrunch.com |
|
| Details | Domain | 15 | github.blog |
|
| Details | Domain | 2 | www.gitguardian.com |
|
| Details | Domain | 4 | www.uber.com |
|
| Details | Domain | 1373 | twitter.com |
|
| Details | Domain | 72 | symantec-enterprise-blogs.security.com |
|
| Details | Domain | 2 | tomforb.es |
|
| Details | Domain | 9 | blog.sonatype.com |
|
| Details | Domain | 12 | www.mend.io |
|
| Details | Domain | 14 | blog.reversinglabs.com |
|
| Details | Domain | 23 | permiso.io |
|
| Details | Domain | 3 | expel.com |
|
| Details | Domain | 57 | www.theregister.com |
|
| Details | Domain | 71 | cybernews.com |
|
| Details | Domain | 36 | www.hackread.com |
|
| Details | Domain | 18 | www.vpnmentor.com |
|
| Details | Domain | 175 | www.zdnet.com |
|
| Details | Domain | 29 | www.techrepublic.com |
|
| Details | Domain | 6 | www.safetydetectives.com |
|
| Details | Domain | 1 | www.websiteplanet.com |
|
| Details | Domain | 78 | securityaffairs.co |
|
| Details | Domain | 1 | members.backbox.org |
|
| Details | Domain | 23 | infosecwriteups.com |
|
| Details | Domain | 133 | www.infosecurity-magazine.com |
|
| Details | Domain | 5 | www.itnews.com.au |
|
| Details | Domain | 1 | webs3c.com |
|
| Details | Domain | 1 | hg8.sh |
|
| Details | Domain | 434 | medium.com |
|
| Details | Domain | 1 | raymondlind.medium.com |
|
| Details | Domain | 1 | logicbomb.medium.com |
|
| Details | Domain | 206 | hackerone.com |
|
| Details | Domain | 182 | www.mandiant.com |
|
| Details | Domain | 67 | www.tenable.com |
|
| Details | Domain | 1 | www.onsecurity.io |
|
| Details | Domain | 6 | blog.assetnote.io |
|
| Details | Domain | 12 | huntr.dev |
|
| Details | Domain | 12 | wesecureapp.com |
|
| Details | Domain | 1 | corben.io |
|
| Details | File | 1 | mend-npm-threat-repot.pdf |
|
| Details | File | 72 | www.safe |
|
| Details | File | 104 | www.dat |
|
| Details | File | 1 | sega-europe-aws-s3-bucket-data-leak.html |
|
| Details | File | 384 | www.inf |
|
| Details | Mandiant Uncategorized Groups | 3 | UNC2903 |
|
| Details | Url | 1 | https://www.vice.com/en/article/m7gb43/microsoft-employees-exposed-login-credentials-azure-github |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/toyota-discloses-data-leak-after-access-key-exposed-on-github |
|
| Details | Url | 1 | https://techcrunch.com/2022/11/03/astrazeneca-passwords-exposed-patient-data |
|
| Details | Url | 1 | https://github.blog/2022-05-26-npm-security-update-oauth-tokens |
|
| Details | Url | 1 | https://blog.pingsafe.com/shiba-inu-cloud-credentials-leaked-in-a-major-security-breach-394ad54382c1 |
|
| Details | Url | 1 | https://www.gitguardian.com/files/the-state-of-secrets-sprawl-report-2022 |
|
| Details | Url | 2 | https://www.uber.com/newsroom/security-update |
|
| Details | Url | 1 | https://twitter.com/hacker_/status/1570582202697809920 |
|
| Details | Url | 1 | https://symantec-enterprise-blogs.security.com/blogs/threat-intelligence/mobile-supply-chain-aws |
|
| Details | Url | 1 | https://tomforb.es/infosys-leaked-fulladminaccess-aws-keys-on-pypi-for-over-a-year |
|
| Details | Url | 1 | https://jfrog.com/jfrogs-security-scanners-discovered-thousands-of-publicly-exposed-api-tokens-and-theyre-active |
|
| Details | Url | 1 | https://www.bleepingcomputer.com/news/security/popular-python-and-php-libraries-hijacked-to-steal-aws-keys |
|
| Details | Url | 1 | https://blog.sonatype.com/python-packages-upload-your-aws-keys-env-vars-secrets-to-web |
|
| Details | Url | 1 | https://www.mend.io/wp-content/media/2022/02/mend-npm-threat-repot.pdf |
|
| Details | Url | 1 | https://blog.reversinglabs.com/blog/sentinelsneak-malicious-pypi-module-poses-as-security-sdk |
|
| Details | Url | 1 | https://permiso.io/blog/s/christmas-cloud-cred-harvesting-campaign |
|
| Details | Url | 1 | https://expel.com/blog/incident-report-stolen-aws-access-keys |
|
| Details | Url | 1 | https://www.theregister.com/2022/06/16/storehub_data_leak |
|
| Details | Url | 2 | https://techcrunch.com/2022/10/27/amazon-prime-video-server-exposed |
|
| Details | Url | 2 | https://cybernews.com/security/thomson-reuters-leaked-terabytes-sensitive-data |
|
| Details | Url | 1 | https://vpnoverview.com/research/platformq-exposes-personal-info-of-nearly-100000-us-healthcare-workers |
|
| Details | Url | 1 | https://www.hackread.com/kids-luxury-clothing-store-melijoe-data-exposed |
|
| Details | Url | 1 | https://www.vpnmentor.com/blog/makati-breach-report |
|
| Details | Url | 1 | https://www.zdnet.com/article/unsecured-aws-server-exposed-airport-employee-records-3tb-in-data |
|
| Details | Url | 1 | https://www.hackread.com/conferencing-service-provider-civicom-8tb-data |
|
| Details | Url | 1 | https://www.techrepublic.com/article/south-korean-data-breach |
|
| Details | Url | 1 | https://therecord.media/american-marriage-ministries-acknowledges-data-exposure-after-earlier-incident-reported-to-fbi |
|
| Details | Url | 1 | https://www.zdnet.com/article/amazon-steps-in-to-close-exposed-flexbooker-bucket-after-december-data-breach |
|
| Details | Url | 1 | https://www.safetydetectives.com/news/pegasus-leak-report |
|
| Details | Url | 1 | https://www.databreaches.net/japanese-medical-online-consultation-site-leaking-consumer-submitted-images-of-symptoms |
|
| Details | Url | 1 | https://www.databreaches.net/thousands-of-indians-exposed-in-data-breach-affecting-money-lending-app-cashmama |
|
| Details | Url | 1 | https://www.hackread.com/breast-cancer-charity-exposed-sensitive-images-patients |
|
| Details | Url | 1 | https://techcrunch.com/2022/06/08/mobike-passports-identity-exposed |
|
| Details | Url | 1 | https://www.hackread.com/us-marketing-firm-data-exposed-database-mess-up |
|
| Details | Url | 1 | https://www.websiteplanet.com/blog/epallet-leak-report |
|
| Details | Url | 1 | https://techcrunch.com/2022/02/08/ottawa-trucker-freedom-convoy-exposed-donation |
|
| Details | Url | 1 | https://securityaffairs.co/wordpress/126258/data-breach/sega-europe-aws-s3-bucket-data-leak.html |
|
| Details | Url | 1 | https://members.backbox.org/zimbra-open-bucket-data-leak-responsible-disclosure |
|
| Details | Url | 1 | https://infosecwriteups.com/how-i-found-a-companys-internal-s3-bucket-with-41k-files-94b453e588b5 |
|
| Details | Url | 1 | https://sirleeroyjenkins.medium.com/bypassing-ssrf-protection-to-exfiltrate-aws-metadata-from-larksuite-bf99a3599462 |
|
| Details | Url | 1 | https://infosecwriteups.com/ssrf-leads-to-access-aws-metadata-21952c220aeb |
|
| Details | Url | 1 | https://www.theregister.com/2022/12/20/mcgraw_hills_s3_buckets_exposed |
|
| Details | Url | 1 | https://socradar.io/sensitive-data-of-65000-entities-in-111-countries-leaked-due-to-a-single-misconfigured-data-bucket |
|
| Details | Url | 1 | https://cybernews.com/news/sensitive-records-of-over-280m-indian-citizens-exposed |
|
| Details | Url | 1 | https://www.infosecurity-magazine.com/news/british-council-students-data |
|
| Details | Url | 1 | https://www.hackread.com/myeasydocs-exposed-30gb-israel-india-students-pii-data |
|
| Details | Url | 1 | https://www.itnews.com.au/news/azure-misconfiguration-exposed-isoc-members-info-576120 |
|
| Details | Url | 1 | https://webs3c.com/t/from-nothing-to-aws-credentials/220 |
|
| Details | Url | 1 | https://hg8.sh/posts/bugbounty/ssrf-to-rce-aws |
|
| Details | Url | 252 | https://medium.com |
|
| Details | Url | 1 | https://infosecwriteups.com/story-of-a-1k-bounty-ssrf-d5c4868680f5 |
|
| Details | Url | 1 | https://raymondlind.medium.com/ssrf-bug-leads-to-aws-metadata-exposure-f2ee7d43c6c3 |
|
| Details | Url | 1 | https://logicbomb.medium.com/a-bug-worth-1-75lacs-aws-ssrf-to-rce-8d43d5fda899 |
|
| Details | Url | 1 | https://hackerone.com/reports/671935 |
|
| Details | Url | 1 | https://hackerone.com/reports/1406938 |
|
| Details | Url | 1 | https://hackerone.com/reports/971590 |
|
| Details | Url | 1 | https://hackerone.com/reports/1241149 |
|
| Details | Url | 1 | https://www.mandiant.com/resources/blog/cloud-metadata-abuse-unc2903 |
|
| Details | Url | 1 | https://www.tenable.com/security/research/tra-2022-34 |
|
| Details | Url | 1 | https://www.onsecurity.io/blog/pentest-files-ec2-creds-via-server-side-request-forgery |
|
| Details | Url | 1 | https://www.onsecurity.io/blog/pentest-files-more-ec2-credential-retrieval-through-server-side-request-forgery |
|
| Details | Url | 1 | https://blog.assetnote.io/2022/10/28/exploiting-static-site-generators |
|
| Details | Url | 1 | https://huntr.dev/bounties/c903d563-ba97-44e9-b421-22bfab1e0cbd |
|
| Details | Url | 1 | https://wesecureapp.com/blog/pdf-generators-eternal-bond-with-ssrf |
|
| Details | Url | 1 | https://corben.io/blog/a-fun-ssrf-through-a-headless-browser |