A Search Tool That Allows Anyone To Access Cloud Documents

Uploaded on 2018-02-20 in TECHNOLOGY--Hackers, NEWS-Cybersecurity News, FREE TO VIEW

A website created by anonymous hackers has been launched that allows anyone to search for unsecured sensitive data stored in the cloud.

Buckhacker is a tool that trawls servers at Amazon Web Services (AWS), a popular cloud computing platform. AWS provides data storage to private firms, governments and universities, among others.

Exposed data has been found on it before, but Buckhacker makes searching for it much easier.

The name comes from the fact that AWS Simple Storage Servers (S3) are known as "buckets", this is the part of AWS that Buckhacker accesses.The BBC alerted Amazon to Buckhacker shortly after it went live, but the firm has yet to issue a statement on the matter.

Offline 'for maintenance'
Recently Buckhacker went offline "for maintenance", though it had previously been working allowing a number of cyber-security experts to explore it.

"We went online with the alpha version too early," said a Twitter account associated with the Buckhacker site.

Security expert Kevin Beaumont told the BBC: "It's a goldmine of stuff which shouldn't be public." He pointed to one example that appeared to be of encryption keys for a cloud customer at a different cloud computing service.

"S3 buckets have been a problem for years," added Mr Beaumont.

"The search engine is the first easy to access ways of looking inside them... companies are losing control of their data in the cloud."

BBC

You Might Also Read:

Microsoft Cloud Is Hosting US Spy Data:

In The House Or In The Cloud: Which Is More Secure?:

 

« Discover Your Inner Spy
Crypto-Mining Is A Growing Epidemic »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

IT GRC Forum

IT GRC Forum

The IT GRC Forum is an online resource and networking platform for the Governance, Risk Management, and Compliance (GRC) community

Federal Office For Information Security (BSI) - Germany

Federal Office For Information Security (BSI) - Germany

The BSI (Bundesamt fur Sicherheit in der Informationstechnik) is the federal cyber security agency and the chief architect of secure digitalisation in Germany.

Flashpoint

Flashpoint

Flashpoint is a globally trusted leader in risk intelligence for organizations that demand the fastest, most comprehensive coverage of threatening activity on the internet.

Ikarus Security Software

Ikarus Security Software

Ikarus focuses on antivirus and content-security solutions.

TUV Rheinland Group

TUV Rheinland Group

TUV Rheinland Group is a testing services company with nearly 145 years of technological experience. We help you to protect your systems comprehensively, proactively and permanently.

Cytomic

Cytomic

Cytomic is the business unit of Panda Security specialized in providing advanced cybersecurity solutions and services to large enterprises.

Quantum Security Solutions (QSec)

Quantum Security Solutions (QSec)

QSec is an innovative information security consultancy based in Ghana. We can provide your organisation with information security products and services that assure against information risk.

Advantage

Advantage

Advantage exists to provide peace of mind in an evolving technology reliant world. We were created by visionaries who for nearly 4-decades have been passionate about providing world-class solutions.

Cyber Defense Technologies (CDT)

Cyber Defense Technologies (CDT)

Cyber Defense Technologies provides services and turn-key solutions to secure and maintain the integrity of your organization’s systems and data against attacks.

Tonex

Tonex

Tonex providing industry-leading technology training, courses, seminars, workshops, and consulting services to companies and government organizations around the world.

Hexens

Hexens

Hexens introduces a whole new approach to cybersecurity solutions. Indisputable skills and a unique super-focused perspective on every single case are the values we create.

CyberUp

CyberUp

CyberUp is a nonprofit organization created to strengthen the cybersecurity workforce. We help employers reimagine how they grow and scale their cybersecurity workforce.

Smarsh

Smarsh

Smarsh products are designed for user-friendly, efficient compliance. From archiving, supervision, and discovery to cybersecurity – Smarsh has you covered.

Cribl

Cribl

Cribl, the Data Engine for IT and Security, empowers organizations to transform their data strategy.

DigiGlass

DigiGlass

DigiGlass is a cutting-edge cybersecurity service provider powered by Redington Gulf, a leading technology distributor in the Middle East and Africa.