Attackers exploit Twilio’s misconfigured cloud storage, inject malicious code into SDK

23 July 2020

Twilio has confirmed that, for 8 or so hours on July 19, a malicious version of their TaskRouter JS SDK was being served from their one of their AWS S3 buckets. “Due to a misconfiguration in the S3 bucket that was hosting the library, a bad actor was able to inject code that made the user’s browser load an extraneous URL that has been associated with the Magecart group of attacks,” the company shared.

Read full article on Help Net Security

Date:

23 July 2020

Categorie(s):

NEWS

Tag(s):

Access Management, Amazon, Attackers, AWS, Cloud Provider

In memoriam: Steven Young, respected CISO and former Cybersecurity Collaborative VP19 April 2024
The Biggest Deepfake Porn Website Is Now Blocked in the UK19 April 2024
The MSSP perspective: CISO insights into stronger security19 April 2024
66% of IT leaders doubt the government can defend against cyberwarfare19 April 2024
FBI chief says Chinese hackers have infiltrated critical US infrastructure19 April 2024