Welcome to my weekly cybersecurity roundup! Here, I share updates on the projects I’m currently working on, along with the most insightful cybersecurity videos I watched, articles I found valuable, and podcasts I tuned into this week.
Featured Analysis
Featured article analysis: Hackers Weaponize Amazon Simple Email Service to Send 50,000+ Malicious Emails Per Day
A recent cybercriminal campaign has been exploiting Amazon’s Simple Email Service (SES) to launch large-scale phishing attacks, delivering over 50,000 malicious emails per day. The campaign begins with attackers gaining access to AWS accounts through compromised access keys. They then use these credentials to probe the environment for SES permissions. By using a sophisticated, multi-regional approach, they are able to bypass SES’s default “sandbox” restrictions and daily email limits, unlocking the ability to send massive volumes of malicious emails.
The attackers’ infrastructure is technically advanced, utilizing both their own domains and legitimate domains with weak security configurations to facilitate email spoofing. They systematically verify these domains and create legitimate-looking email addresses to maximize the credibility of their messages. The phishing emails themselves are designed to appear as official tax-related notifications, directing victims to credential harvesting sites. To evade detection, the attackers use commercial traffic analysis services and programmatically attempt to escalate privileges within the AWS environment, though some of these attempts have failed.
This campaign highlights a growing threat where legitimate cloud services, intended for business purposes, are weaponized at scale. The successful exploitation of Amazon SES demonstrates the critical importance of robust security practices, including the need for enhanced monitoring of dormant access keys and unusual cross-regional API activity. The findings from Wiz.io researchers serve as a crucial reminder for organizations to implement more stringent security measures to prevent cloud service abuse and protect against sophisticated, large-scale cyberattacks.
Projects
- TryHackMe – SQLMap: The Basics – Complete
- TryHackMe – SOC Fundamentals – Complete
- TryHackMe – Digital Forensics Fundamentals – Complete
- TryHackMe – Incident Response Fundamentals – Complete
Videos
Articles
- Plex tells users to reset passwords after new data breach – Media streaming platform Plex is warning customers to reset passwords after suffering a data breach in which a hacker was able to steal customer authentication data from one of its databases.
- iCloud Calendar abused to send phishing emails from Apple’s servers – iCloud Calendar invites are being abused to send callback phishing emails disguised as purchase notifications directly from Apple’s email servers, making them more likely to bypass spam filters to land in targets’ inboxes.
- Hackers Weaponize Amazon Simple Email Service to Send 50,000+ Malicious Emails Per Day – A sophisticated cybercriminal campaign has emerged, exploiting Amazon’s Simple Email Service (SES) to orchestrate large-scale phishing operations capable of delivering over 50,000 malicious emails daily.
- Remote CarPlay Hack Puts Drivers at Risk of Distraction and Surveillance – Oligo Security has shared details on an Apple CarPlay attack that hackers may be able to launch without any interaction.
- Apple warns customers targeted in recent spyware attacks – Apple warned customers last week that their devices were targeted in a new series of spyware attacks, according to the French national Computer Emergency Response Team (CERT-FR).
- U.S. Senator accuses Microsoft of “gross cybersecurity negligence” – U.S. Senator Ron Wyden has sent a letter to the Federal Trade Commission (FTC) requesting the agency to investigate Microsoft for failing to provide adequate security in its products, which led to ransomware attacks against healthcare organizations.
- Man gets over 4 years in prison for selling unreleased movies – A Tennessee court has sentenced a Memphis man who worked for a DVD and Blu-ray manufacturing and distribution company to 57 months in prison for stealing and selling digital copies of unreleased movies.