Found 2 bookmarks
8 Million Requests Later, We Made The SolarWinds Supply Chain Attack Look Amateur
The TL;DR is that this time, we ended up discovering ~150 Amazon S3 buckets that had previously been used across commercial and open source software products, governments, and infrastructure deployment/update pipelines - and then abandoned. Naturally, we registered them, just to see what would happen - “how many people are really trying to request software updates from S3 buckets that appear to have been abandoned months or even years ago?”, we naively thought to ourselves.
·labs.watchtowr.com·
Backdooring Your Backdoors - Another $20 Domain, More Governments
After the excitement of our .MOBI research, we were left twiddling our thumbs. As you may recall, in 2024, we demonstrated the impact of an unregistered domain when we subverted the TLS/SSL CA process for verifying domain ownership to give ourselves the ability to issue valid and trusted TLS/
·labs.watchtowr.com·