Links
Fog Security revealed methods to evade AWS Trusted Advisor's S3 security checks, allowing public access to S3 buckets without triggering alerts. Although the issues were reported to AWS, the initial fixes were incomplete, leading to continued inaccurate assessments of bucket security. AWS's communication regarding the problem's severity was also criticized as insufficient.
This article details Yelp's approach to handling S3 server access logs at scale. It discusses the challenges of logging, the benefits of object-level logging for debugging and security, and the architecture used to optimize log storage by converting them into a more efficient format.
A critical vulnerability in AWS Lambda functions allows attackers to exploit OS command injection through S3 file uploads, potentially compromising AWS credentials and enabling further malicious actions such as phishing via AWS SES. The article highlights the importance of proper configuration and vulnerability scanning to prevent such attacks in event-driven architectures.