AWS Secure Access Methods, WhoAMI Image Flaw, AI Dataset Leak, and More Cybersecurity Updates
Welcome to the latest edition of Techmagic's newsletter, where we've gathered the most critical updates from the cybersecurity world to keep you informed. This edition covers secure methods for granting AWS cross-account access, a new cloud image attack, exposed API keys in an AI training dataset, and much more. Enjoy reading!
#cloud
AWS Cross-Account Access Methods for Secure Resource Sharing
Together with the growth of your Amazon Web Services (AWS) environment, you may need to grant cross-account access to resources. This could be for various reasons, such as enabling centralized operations across multiple AWS accounts, sharing resources across teams or projects within your organization, or integrating with third-party services. However, granting cross-account access requires careful consideration of your security, availability, and manageability requirements. In this blog post, the authors explore four ways to grant cross-account access using resource-based policies. Each method has unique tradeoffs, and the best choice depends on your specific requirements and use case.
#cloud
New Cloud Attack Exploits Virtual Machine Image Confusion
Researchers from the DataDog Security Labs have discovered an attack called "whoAMI name confusion attack". It is an instance of a name confusion attack, a subset of a supply chain attack. In a name confusion attack, an attacker publishes a malicious resource with the intention of tricking misconfigured software into using it instead of the intended resource. It is very similar to a dependency confusion attack, except that the malicious resource is a software dependency (such as a pip package) in the latter. In contrast, in the whoAMI name confusion attack, the malicious resource is a virtual machine image. They have also developed a tool to help you detect the use of untrusted AMIs in your environment.
#AI
Thousands of API Keys and Passwords Found in AI Training Dataset
Close to 12,000 valid API keys and passwords have been discovered in the Common Crawl dataset, a widely used resource for training various artificial intelligence models.
The Common Crawl organization manages a vast open-source repository containing petabytes of web data collected since 2008. This dataset is freely available to anyone and is commonly utilized in AI projects.
Due to its extensive scope, many AI initiatives, including large language models (LLMs) developed by companies such as OpenAI, DeepSeek, Google, Meta, Anthropic, and Stability, may partially rely on the Common Crawl archive for training purposes.
#cryptocurrency
Bybit Hack Traced to North Korean SafeWallet Supply Chain Attack
The U.S. Federal Bureau of Investigation (FBI) has officially linked the historic $1.5 billion hack of cryptocurrency exchange Bybit to North Korean cybercriminals. The company's CEO, Ben Zhou, has publicly declared a "war against Lazarus," referring to the infamous North Korean hacking group.
According to the FBI, the Democratic People's Republic of Korea (DPRK) orchestrated the heist through a supply chain attack on Safe{Wallet}, identifying the culprits as members of the TraderTraitor group. This cluster of threat actors is also known as Jade Sleet, Slow Pisces, and UNC4899.
The hackers have reportedly begun converting portions of the stolen funds into Bitcoin and other digital assets, distributing them across thousands of blockchain addresses. The FBI warned that these assets would likely undergo further laundering before being exchanged for traditional fiat currency.
#AI
Security Risks in Grok 3 AI Model Raise Concerns for Cybersecurity
AI security researchers warn that Grok 3, xAI's latest model, is highly vulnerable to cyber threats. It easily bypasses restrictions, exposing harmful content and leaking system prompts, making future exploits easier.
These flaws could let hackers take control of AI agents, creating a major cybersecurity risk. While excelling in AI benchmarks, Grok 3 failed key security tests, unlike competitors.
As AI agents gain real-world decision-making power, every vulnerability becomes a potential breach—raising urgent concerns about security in AI development.
Read also our article "Security Risks of Artificial Intelligence:Examples and Ways of Defense"
#web
Gmail and Outlook Users Targeted by Phishing Attacks That Bypass 2FA
Recent reports highlight a critical vulnerability in Gmail and Outlook security: sophisticated phishing attacks that bypass traditional two-factor authentication (2FA) methods. These attacks utilize advanced phishing kits, such as Astaroth, which intercept login credentials and 2FA tokens in real time, granting attackers unauthorized access to user accounts.
To combat these threats, experts recommend transitioning from password-based logins and basic 2FA to more secure authentication methods, such as passkeys. Passkeys offer enhanced protection against phishing by eliminating the need for passwords, reducing the risk of credential interception.
Additionally, users should remain vigilant against AI-driven scams that craft convincing phishing emails and messages. These sophisticated tactics can lead to financial losses and data breaches. In light of these developments, users must adopt stronger security measures and stay informed about evolving cyber threats to safeguard their personal information.
Techmagic’s Team Ranked in the Top 15% at Snyk Fetch The Flag CTF
Our team participated in the "Fetch The Flag CTF" organized by Snyk and John Hammond. The competition featured jeopardy-style challenges in software vulnerabilities, supply chain security, web security, and forensics. Our team performed strongly, capturing 8 flags and scoring 300 points, which placed them in the top 15% of all competitors.
Congratulations to Ihor Sasovets, Denys Spys, and Victoria Shutenko!
Thank you for reading this edition of Techmagic's newsletter. We hope these insights help you stay ahead of emerging cybersecurity challenges. Stay secure, and we look forward to keeping you informed in our next issue. If you have any questions or feedback, feel free to contact us.