ALERT: Malicious Amazon Alexa Skills Can Easily Bypass Vetting Process

Researchers have uncovered gaps in Amazon’s skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information. The findings were presented on Wednesday at the […]

Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow

Packet Storm

Hacker News Nation #2 – 37 Signals, Amazon Postgres, Github Resumes, and Applying to Y Combinator

Top stories from Hacker News! Read by Mattan Griffel and Chris Castiglione COIN GitHub Amazon RDS for PostgreSQL Work Can Wait Google wins book-scanning case: judge finds “fair use,” cites many benefits We Got Rejected by Y Combinator 37signals valuation tops 0 billion after bold VC investment

Magecart skimmers found on Amazon CloudFront CDN

Update (06-08-2019): The compromises of Amazon S3 buckets continue and some large sites are being affected. Our crawler spotted a malicious injection that loads a skimmer for the Washington Wizards page on the official website. The skimmer was inserted in this JavaScript library: hxxps://s3[.]amazonaws[.]com/wsaimages/js/wizards[.]js Interestingly, this same library had already been altered (loading content […]

Be sure to deregister Amazon devices purchased as gifts

Now that post-Thanksgiving shopping is in full swing, here’s a brief tip for those purchasing Amazon gadgets as Christmas gifts: if you are giving an Amazon Device to someone outside your household, take a moment to deregister the device from your Amazon account. Otherwise you may inadvertently give more gift than you bargained for. Amazon devices […]

Next Page »