Cybersecurity

CIRT insights: How to help prevent unauthorized account removals from AWS Organizations

1m & 7 s read4 views0 listens

The blog post discusses a common technique used by threat actors to evade detection and control within AWS environments. Specifically, it focuses on how attackers manipulate AWS Organizations to remove accounts from the governance controls that an organization has set up. This is often done after gaining initial access through compromised credentials or other means.

Key Points:

Technique Description:
- Attackers use this technique to disable security measures like CloudTrail and GuardDuty.
- They separate affected AWS accounts from the broader organizational structure, thereby reducing visibility and control over these accounts.
Detection of This Technique:
- The post highlights that detecting such actions is crucial for maintaining security posture.
- It mentions that this technique is part of a larger pattern where attackers try to remove accounts from governance controls provided by AWS Organizations.
Preventive Measures:
- Implement the DenyLeaveOrganizationSCP policy: This Service Control Policy (SCP) prevents users from removing their account from an organization.
- Secure Root Accounts: Enable multi-factor authentication (MFA), delete root access keys, and manage root credentials centrally to reduce risk.
- Review IAM Permissions: Ensure that permissions are tightly controlled and do not allow wide-ranging actions

Read the full article at AWS Security Blog

Want to create content about this topic? Use Nemati AI tools to generate articles, social posts, and more.

GitHub Breach; Faster Old Problems; and Mythos Helps Bypass Apple M5 Chip Security

It looks like you've provided an excerpt from a cybersecurity newsletter or blog post discussing recent developments in security and technology. Here's a summary of the key points: Vulnerability Exploitation as Primary Attack Vector: According to t...

Ali Nemati

CybersecurityMay 1150 sec read

Top 10 Best Interactive Malware Analysis Tools in 2026

Based on the provided text, here are the top 7 best sandbox tools for malware analysis in 2026: VMRay Architecture: Agentless hypervisor technology. Deployment Options: On-Premise and Cloud. Features: Agentless monitoring Exact real-world environmen...

Ali Nemati

CybersecurityMay 829 sec read

InfoSec News Nuggets 05/08/2026

Ivanti has patched a critical zero-day vulnerability in its Endpoint Manager Mobile (EPMM) software, which was exploited in targeted attacks. This update is crucial for organizations to protect their mobile device management infrastructure from unaut...

Ali Nemati

CybersecurityMay 847 sec read

New PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB for Credential Theft

Summary A new worm called PCPJack has emerged, targeting Docker, Kubernetes, Redis, and MongoDB environments to steal credentials. This malware leverages a variety of vulnerabilities, including those in Next.js middleware, React Server Actions, WPViv...

Ali Nemati

AI & Machine LearningMay 726 sec read

Docker 27.0 vs Podman 5.0 for Rootless Containers: 500 Enterprise Adoption Survey Finds 27% Fewer Security Vulnerabilities

A survey of 500 enterprise IT teams found that environments using Podman 5.0 for rootless containers reported 27% fewer critical security vulnerabilities compared to those using Docker 27.0 over a year, highlighting the superior security features of ...

Ali Nemati

CIRT insights: How to help prevent unauthorized account removals from AWS Organizations

Key Points:

Related Articles

GitHub Breach; Faster Old Problems; and Mythos Helps Bypass Apple M5 Chip Security

Top 10 Best Interactive Malware Analysis Tools in 2026

InfoSec News Nuggets 05/08/2026

New PCPJack Worm Targets Docker, Kubernetes, Redis, and MongoDB for Credential Theft

Docker 27.0 vs Podman 5.0 for Rootless Containers: 500 Enterprise Adoption Survey Finds 27% Fewer Security Vulnerabilities