A Former Amazon Employee Charged for Digital Fraud. Sentencing in September

Paige Thompson Faces up to 20 Years for Wire Fraud Paige Thompson, 36, a resident of Seattle, who worked as an engineer in Amazon Web Services, has been charged with seven felonies. She has been found guilty of five cases of unauthorized access to protected systems, damaging a protected computer, and wire fraud. For fraud… Continue reading A Former Amazon Employee Charged for Digital Fraud. Sentencing in September

Amazon Patch for Log4Shell allowed privilege escalation

Palo Alto Networks warns that a patch released by Amazon to protect AWS from high-profile issues in Apache Log4j, including the Log4Shell vulnerability, poses a threat to users. The patch can be used to escape the container and escalate privileges, allowing an attacker to take control of the underlying host. Let me remind you that… Continue reading Amazon Patch for Log4Shell allowed privilege escalation

Vulnerabilities in Amazon Kindle Allowed Taking Full Control of the Device

Check Point researchers reported that in April of this year, IT giant Amazon eliminated critical vulnerabilities in the Amazon Kindle. The problems could be used to gain full control over the device, allowed them to steal the Amazon device token and other confidential data stored on it. For a successful attack on a Kindle, just… Continue reading Vulnerabilities in Amazon Kindle Allowed Taking Full Control of the Device

Operators of phishing campaigns increased number of emails allegedly from delivery services

Check Point Research reports that in November, the number of phishing emails written on behalf of delivery services increased by 440% compared to October. The sharpest growth was noted in Europe, with North America and the Asia-Pacific region in second and third places respectively in the number of phishing campaigns. Most often (in 56% of… Continue reading Operators of phishing campaigns increased number of emails allegedly from delivery services

Vulnerabilities in Amazon Alexa opened access to user data for outsiders

In June this year, researchers from Check Point discovered a number of dangerous vulnerabilities that opened for attacks the Amazon Alexa virtual assistant and its users. The problem was in CORS and XSS bugs, which affected several Amazon subdomains, and in configuration issues. By exploiting these bugs, attackers could gain access to personal data (usernames,… Continue reading Vulnerabilities in Amazon Alexa opened access to user data for outsiders

Mandrake malware was hiding on Google Play for more than four years

Bitdefender experts found Mandrake spyware in the official Android app store, hiding on Google Play for four years (since 2016). The malware established full control over infected devices, collected credentials, GPS from infected devices, made screen recordings, and so on. At the same time, the malware carefully avoided infections in countries such as Ukraine, Belarus,… Continue reading Mandrake malware was hiding on Google Play for more than four years