A cybercrime group known as TeamTNT is using a crypto-mining worm to steal plaintext AWS credentials and config files from compromised Docker and Kubernetes systems.

TeamTNT has become the first crypto-minining botnet to include a feature that scans and steal AWS credentials.

To make matters worse, both the ~/.aws/credentials and ~/.aws/config files stolen by TeamTNT are unencrypted and contain plaintext credentials and configuration details for a target's AWS account ...

Ironically enough, hackers don’t seem to be heeding these warnings, either, since the researchers found all of the stolen files - in an unprotected AWS database.

Review the platforms or services that have credentials listed in the .env file, one-time for previously saved cloud credentials, and continuously for other types of credentials that cannot be deleted.

Amazon EKS Kubernetes security vulnerability via EKS Pod Identity gives cybersecurity attacks and threat actors exposure to credentials and malicious activity, Trend Micro research report says.

Users of AI cloud services such as Amazon Bedrock are increasingly being targeted by attackers who abuse stolen credentials in a new attack dubbed LLMjacking.

The information pulled this way included AWS customer keys and secrets, database credentials, Git credentials and source code, SMTP credentials (for email sending), API keys for services like ...