Tag

S3

5 briefs RSS

Rapid Enumeration of AWS S3 Buckets

An AWS principal rapidly enumerates S3 bucket posture using read-only APIs, indicative of reconnaissance, scanning, or post-compromise activity.

AWS S3 +1 aws s3 cloudtrail discovery enumeration reconnaissance

2r 4t 3d ago

low advisory

AWS S3 Rapid Bucket Posture API Calls Indicate Reconnaissance

2 rules 4 TTPs

An AWS principal rapidly enumerates S3 bucket configurations using read-only APIs, potentially indicating reconnaissance activity by security scanners, CSPM tools, or malicious actors performing post-compromise enumeration.

cloud aws s3 reconnaissance

2r 4t 3w ago

high advisory

MinIO SSE Metadata Injection via Replication Headers Leads to Data Unreadability

2 rules 1 TTP

A vulnerability in MinIO allows authenticated users with `s3:PutObject` permission to inject internal server-side encryption metadata into objects via crafted replication headers, leading to permanent data unreadability.

minio s3 metadata-injection denial-of-service

2r 1t Mar 27, 2026

high advisory

S3Browser IAM Policy Creation with Default Bucket Name

2 rules 3 TTPs

An AWS IAM policy is created by the S3Browser utility with the default S3 bucket name placeholder, potentially indicating unauthorized access or misconfiguration.

AWS IAM +1 aws iam s3browser s3 policy cloudtrail

2r 3t Jan 26, 2024

medium advisory

AWS S3 Bucket Deletion Detected via CloudTrail

3 rules 1 TTP

An AWS S3 bucket deletion event was detected via CloudTrail logs, potentially indicating data loss or unauthorized access attempts.

S3 cloud aws data_loss

3r 1t Jan 2, 2024