Thursday, July 19, 2018

Xen Security Advisory 267 (XSA-267)

June 13, 2018 2:00 PM PDT CVE Identifiers: CVE-2018-3665 A new speculative execution side-channel issue concerning Intel processors was discovered by AWS in collaboration with Cyberus Technology. We reported this issue immediately to Intel, which has been working...

Additional Processor Speculative Execution Research Disclosures

2018/05/21 2:00 PM PDTCVE Identifiers: CVE-2018-3639 Intel has published a security advisory (SA-00115) regarding new variants of speculative execution side-channel issues concerning their processors. These issues do not impact AWS infrastructure. No customer’s instance can read the memory of...

Xen Security Advisories 260-262 (XSA-260, XSA-261, XSA-262)

2018/05/08 10:00AM PDT CVE Identifiers: CVE-2018-8897 The Xen Security Team has released Xen Security Advisories 260, 261 and 262 regarding the Xen hypervisor. AWS customers' data and instances are not affected by this issue, and no customer action...

Processor Speculative Execution Research Disclosure

Concerning: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 Update As Of: 2018/03/05 3:00 PM PST This is an update for this issue. An updated kernel for Amazon Linux is available within the Amazon Linux repositories. EC2 instances launched with the default Amazon Linux...

ROBOT TLS security issue

2017/12/15 07:30 PST AWS has taken appropriate action to ensure that customer resources and data are not affected by the recently published Return Of Bleichenbacher's Oracle Threat (ROBOT) issue. No action is required of AWS customers.  

Xen Security Advisories – October 2017

2017/10/12 05:00 PDT The Xen Security team has published Security Advisories 236-244 regarding the Xen hypervisor. AWS customers' data and instances are not affected by this issue, and no customer action is required.

Xen Security Advisories – September 2017

2017/09/12 05:00AM PDT The Xen Security team has published Security Advisories 231-234 regarding the Xen hypervisor. AWS customers' data and instances are not affected by this issue, and no customer action is required.

Xen Security Advisories – August 2017

2017/08/15 8:00AM PDT The Xen Security team has published Xen Security Advisories 226-230 regarding the Xen hypervisor. AWS customers' data and instances are not affected by this issue, and no customer action is required.

Why the Best Defense Is a Good Offensive Security Strategy

When many people think about offensive security, they picture a mysterious figure wearing a hoodie, sitting behind a black-and-green terminal, diligently typing away as he probes enterprise networks. But the cybersecurity world has evolved well beyond this Hollywood hacker...

Google hit with $5.1b fine in EU’s Android antitrust case

This could mean the end of free Android. In the meantime, Google plans to appeal.

Privacy Advocates Say Kelsey Smith Act Gives Police Too Much Power

This bill making its way through Congress would allow law enforcement to more easily uncover location data for cell phones from mobile carriers in an emergency.

IDG Contributor Network: Hack like a CISO

I have written several times over the last couple of years about how the role of today’s CISOs have changed and are now more tuned to support business activities and the management of enterprise risk. Serving an organization as...

Cisco patches critical vulnerabilities in Policy Suite

One of the worst security flaws permits attackers to act as root and execute arbitrary code.