lemy.lol
  • Communities
  • Create Post
  • Create Community
  • heart
    Support Lemmy
  • search
    Search
  • Login
  • Sign Up
flynnbot@lemmy.capebreton.socialMB to Cybersecurity News@lemmy.capebreton.socialEnglish · 1 year ago

Hackers Abuse AWS SSM Agent to Perform Various Malicious Activities

gbhackers.com

external-link
message-square
2
fedilink
  • cross-posted to:
  • gbhackers@zerobytes.monster
2
external-link

Hackers Abuse AWS SSM Agent to Perform Various Malicious Activities

gbhackers.com

flynnbot@lemmy.capebreton.socialMB to Cybersecurity News@lemmy.capebreton.socialEnglish · 1 year ago
message-square
2
fedilink
  • cross-posted to:
  • gbhackers@zerobytes.monster
alert-triangle
You must log in or register to comment.
  • dbx12@programming.dev
    link
    fedilink
    arrow-up
    3    ·
    1 year ago

    Would be great if they went a bit more in detail how this exploit (?) works and how to defend against it. Is it a config error or just unsafe by default? Are you immediately at risk if you have the SSM agent running?

    • videodrome@lemmy.capebreton.socialM
      link
      fedilink
      arrow-up
      1      ·
      1 year ago

      Are you immediately at risk if you have the SSM agent running?

      No, this is a post-exploitation and used as a way to maintain persistence. Your machine will need to be comprimised in some form first.

      The original post is so much better -> https://www.mitiga.io/blog/mitiga-security-advisory-abusing-the-ssm-agent-as-a-remote-access-trojan

Cybersecurity News@lemmy.capebreton.social

cybersecurity@lemmy.capebreton.social

Subscribe from Remote Instance

Create a post
You are not logged in. However you can subscribe from another Fediverse account, for example Lemmy or Mastodon. To do this, paste the following into the search field of your instance: !cybersecurity@lemmy.capebreton.social

Welcome to Cybersecurity News!

A community that collect news and other tidbits related to cybersecurity in all its domains.

There are no hard and fast rules regarding what to post here-- we are fine with both pop news articles and more technical pieces regarding cybersecurity.

We use a bot called flynnbot to repost some rss feed content but the majority of posts are human-curated.

New to Cybersecurity?

Here are some resources to get you started:

  • Cybersecurity for Beginners
  • Intro to Cybersecurity

Related Communities

!security_cpe@infosec.pub
!cybersecurity@zerobytes.monster
!packetstorm@zerobytes.monster
!security@programming.dev
!secops@lemmy.world
!cybersecurity@sh.itjust.works
!netsec@zerobytes.monster
!securitynews@infosec.pub
!cloudsecurity@infosec.pub
!netsec@links.hackliberty.org
!cybersecurity@infosec.pub
!cybersecuritymemes@lemmy.world

Visibility: Public
globe

This community can be federated to other instances and be posted/commented in by their users.

  • 1 user / day
  • 6 users / week
  • 7 users / month
  • 1 user / 6 months
  • 3 local subscribers
  • 1.33K subscribers
  • 2.22K Posts
  • 592 Comments
  • Modlog
  • mods:
  • videodrome@lemmy.capebreton.social
  • flynnbot@lemmy.capebreton.social
  • BE: 0.19.5
  • Modlog
  • Legal
  • Instances
  • Docs
  • Code
  • join-lemmy.org