A Hole in the S3 Buckets

Last week in security news: Thinkst Canary's Thinkstscapes, Multiple S3 Bucket Negligence Awards, Credit Card Payment Processing on AWS, and more!Links:Thinkst Canary's ThinkstscapesIt's been a while since we've seen a strong, confirmed S3 Bucket Negligence Award, but Toyota has a massive one dating back a decade.Oof, looks like Google's CloudSQL product had a vulnerability that would allow an attacker to escalate to GCP control plane permissions.Holy... Legion malware expands scope to target AWS CloudWatch as well.When it rains, it pours; Capita had an S3 Bucket Negligence Award as well!Credit Card Payment Processing on AWS - Don't do it. Pay Stripe. Amazon Security Lake is now generally availableAnnouncing the AWS Blueprint for Ransomware Defense Get custom data into Amazon Security Lake through ingesting Azure activity logs Tip of the week: When you're starting something new that might turn into a company, use SSO.