Tuesday, January 25, 2022
AWS

Reported AWS Glue Issue

Initial Publication Date: 2022/01/13 13:00 PST A security researcher recently reported an issue that allowed them to take actions as the AWS Glue service. Utilizing an AWS Glue feature, researchers obtained credentials specific to the service itself, and an...
AWS

Reported AWS CloudFormation Issue

Initial Publication Date: 2022/01/13 13:00 PST Security researchers recently identified and reported an issue in AWS CloudFormation. Specifically, the reported issue was in the AWS CloudFormation service itself, which allowed viewing of some local configuration files on an AWS-internal...
AWS

AWSSupportServiceRolePolicy Informational Update

Between December 21, 2021 at 23:48 UTC and December 22, 2021 at 08:23 UTC, the policy used by AWS Support automated systems - AWSSupportServiceRolePolicy - inadvertently included S3:GetObject permissions. This change has been reverted. While these permissions were temporarily...
AWS

Update for Apache Log4j2 Issue (CVE-2021-44228)

Initial Publication Date: 2021/12/11 7:30 PM PDT AWS is aware of the recently disclosed security issue relating to the open-source Apache “Log4j2” utility (CVE-2021-44228). We are actively monitoring this issue, and are working on addressing it for any AWS...
AWS

Apache Log4j2 Issue (CVE-2021-44228)

Initial Publication Date: 2021/12/10 7:20 PM PDT AWS is aware of the recently disclosed security issue relating to the open-source Apache “Log4j2” utility (CVE-2021-44228). We are actively monitoring this issue, and are working on addressing it for any AWS...
AWS

Xen Security Advisories (XSA-372, 373, 374, 375, and 377)

Initial Publication Date: 2021/06/08 3:30 PM PDT The Xen Security Team has released Xen Security Advisories 372, 373, 374, 375, and 377 regarding the Xen hypervisor. AWS customers’ data and instances are not affected by this issue, and no...
AWS

runC Security Issue (CVE-2021-30465)

Initial Publication Date: 2021/06/08 2:20 PM PDT AWS is aware of the recently disclosed security issue in runC which is a component of many container management systems (CVE-2021-30465). With the exception of the AWS services listed below, no customer action...
AWS

Resolved: Application Load Balancer Session Ticket Issue

Initial Publication Date: 2021/04/26 10:20 AM PDT On April 13th, 2021, AWS became aware of an edge case that affected how some Application Load Balancers (ALB) handled key rotation for TLS/SSL session ticket encryption. This edge case was...
AWS

Sudo Security Issue (CVE-2021-3156)

Initial Publication Date: 2021/01/26 2:11PM PST CVE Identifier: CVE-2021-3156 AWS is aware of the security issue recently disclosed by the open source community affecting the Linux "sudo" utility (CVE-2021-3156). This issue may permit unprivileged users to run privileged commands....

Test Your Team, Not Just Your Disaster Recovery Plan

Cyberattacks imperil business continuity, but there is a much more common security threat — unintentional human error.

Dark Souls servers taken down following discovery of critical vulnerability

Bandai Namco, publisher of the Dark Souls role-playing game series, has taken down its player-versus-player servers while it investigates reports of a serious vulnerability that allows players...

Linux Servers at Risk of RCE Due to Critical CWP Bugs

The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.

Trickbot Injections Get Harder to Detect & Analyze

The authors of the infamous malware family have added measures for better protecting malicious code injections against inspection and research.

AT&T announces multi-gigabit fiber: $110 a month for 2Gbps, $180 for 5Gbps

AT&T has started offering 2Gbps and 5Gbps symmetrical Internet speeds over its fiber-to-the-home network, the telecom company announced today. The multi-gigabit speeds are...