Attackers exploit Twilio’s misconfigured cloud storage, inject malicious code into SDK

23

Jul

2020

Attackers exploit Twilio’s misconfigured cloud storage, inject malicious code into SDK

image credit: pixabay

Twilio has confirmed that, for 8 or so hours on July 19, a malicious version of their TaskRouter JS SDK was being served from their one of their AWS S3 buckets.

“Due to a misconfiguration in the S3 bucket that was hosting the library, a bad actor was able to inject code that made the user’s browser load an extraneous URL that has been associated with the Magecart group of attacks,” the company shared.

Archives

Archives

About Us

Our mission is to help users and also IT security passionate to reach relevant information related to cyber security.

This publication contains a lot of information and guidance on how to better protect your IT systems, data and activities from malicious factors, and also on how to safely navigate the Internet.

We look forward to hearing from you about cyber safety. Please let us know if there’s something specific you’re interested in learning about.

Contact Us

Name *
Your name is required

E-mail *
Email address entered is invalid

Please enter a message

Incorrect security code

The Latest in IT Security

Categories

Featured

Archives

Latest Comments

About Us

Contact Us