In this Help Net Security video, Kat Traxler, Principal Security Researcher – Public Cloud at Vectra AI, walks through two AWS misconfigurations that go beyond the basics of bucket visibility. The first is bucket name squatting. Because S3 uses a global names…
Cloud misconfiguration has evolved and your controls haven’t
Attackers are exploiting AWS S3 bucket name squatting to impersonate legitimate organizations by registering identical bucket names, leading to phishing, brand impersonation, and data exfiltration. This affects any AWS S3 user with publicly accessible buckets, enabling attackers to hijack traffic and manipulate user trust at scale.