Attackers exploit Twilio’s misconfigured cloud storage, inject malicious code into SDK

Attackers exploit Twilio’s misconfigured cloud storage, inject malicious code into SDK

Twilio has confirmed that, for 8 or so hours on July 19, a malicious version of their TaskRouter JS SDK was being served from their one of their AWS S3 buckets. “Due to a misconfiguration in the S3 bucket that was hosting the library, a bad actor was able to inject code that made the user’s browser load an extraneous URL that has been associated with the Magecart group of attacks,” the company shared. Who’s … More

The post Attackers exploit Twilio’s misconfigured cloud storage, inject malicious code into SDK appeared first on Help Net Security.

via Help Net Security https://www.helpnetsecurity.com
Link : https://www.helpnetsecurity.com
July 23, 2020 at 12:20PM

  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •  
  •