Reported EKS IAM Authenticator Issue
Initial Publication Date: 2022/07/11 9:00 PST
A security researcher recently reported an issue with the AWS IAM Authenticator for Kubernetes, used by Amazon Elastic Kubernetes Service (EKS). The researcher identified a query parameter validation issue within the authenticator...
Reported Apache Log4j Hotpatch Issues
Initial Publication Date: 2022/04/19 14:30 PST CVE IDs: CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, CVE-2022-0071
On December 12, 2021, Amazon publicly released a hotpatch for running Java VMs which disables the loading of the Java Naming and Directory Interface (JNDI) class....
Reported AWS Desktop VPN Client for Windows Issue
Initial Publication Date: 2022/04/12 15:30 PST
AWS is aware of the issues described in CVE-2022-25165 and CVE-2022-25166 relating to the AWS-provided Desktop VPN Client for Windows. These issues affect only client versions 2.0.0 and below; they have been...
Reported Amazon RDS PostgreSQL issue
Initial Publication Date: 2022/04/11 16:45 PST
A security researcher recently reported an issue with Aurora PostgreSQL. Using this issue, they were able to gain access to internal credentials that were specific to their Aurora cluster. No cross-customer or...
CVE-2022-0778 awareness
Initial Publication Date: 2022/03/17 20:42 PST
AWS is aware of an issue present in OpenSSL versions 1.0.2, 1.1.1, and 3.0 in which a certificate containing invalid explicit curve parameters can cause denial of service (DoS) by triggering an...
Reported AWS Glue Issue
Initial Publication Date: 2022/01/13 13:00 PST
A security researcher recently reported an issue that allowed them to take actions as the AWS Glue service. Utilizing an AWS Glue feature, researchers obtained credentials specific to the service itself, and an...
Reported AWS CloudFormation Issue
Initial Publication Date: 2022/01/13 13:00 PST
Security researchers recently identified and reported an issue in AWS CloudFormation. Specifically, the reported issue was in the AWS CloudFormation service itself, which allowed viewing of some local configuration files on an AWS-internal...
AWSSupportServiceRolePolicy Informational Update
Between December 21, 2021 at 23:48 UTC and December 22, 2021 at 08:23 UTC, the policy used by AWS Support automated systems - AWSSupportServiceRolePolicy - inadvertently included S3:GetObject permissions. This change has been reverted. While these permissions were temporarily...
Update for Apache Log4j2 Issue (CVE-2021-44228)
Initial Publication Date: 2021/12/11 7:30 PM PDT
AWS is aware of the recently disclosed security issue relating to the open-source Apache “Log4j2" utility (CVE-2021-44228). We are actively monitoring this issue, and are working on addressing it for any AWS...
Apache Log4j2 Issue (CVE-2021-44228)
Initial Publication Date: 2021/12/10 7:20 PM PDT
AWS is aware of the recently disclosed security issue relating to the open-source Apache “Log4j2" utility (CVE-2021-44228). We are actively monitoring this issue, and are working on addressing it for any AWS...
Phishers who breached Twilio and fooled Cloudflare could easily get you, too
Enlarge (credit: Getty Images)
At least two security-sensitive companies—Twilio and Cloudflare—were targeted in a phishing attack by an advanced threat actor who had possession of home phone numbers of not...
Microsoft Patch Tuesday, August 2022 Edition
Microsoft today released updates to fix a record 141 security vulnerabilities in its Windows operating systems and related software. Once again, Microsoft is patching a zero-day vulnerability in the Microsoft Support Diagnostics Tool (MSDT), a service built into Windows....
One of 5G's Biggest Features Is a Security Minefield
New research found troubling vulnerabilities in the 5G platforms carriers offer to wrangle embedded device data.
Patch Tuesday: Yet another Microsoft RCE bug under active exploit
Oh, and that critical VMware auth bypass vuln? Miscreants found it, too August Patch Tuesday clicks off the week of hacker summer camp in Las Vegas this year, so it's basically a code cracker's holiday too. …
