Tuesday, March 2, 2021

Sudo Security Issue (CVE-2021-3156)

Initial Publication Date: 2021/01/26 2:11PM PST CVE Identifier: CVE-2021-3156 AWS is aware of the security issue recently disclosed by the open source community affecting the Linux "sudo" utility (CVE-2021-3156). This issue may permit unprivileged users to run privileged commands....

Android Security Advisory

2015/07/28 - 6:00PM PST   AWS is aware of the recently reported Android security issues described in: CVE-2015-1538, CVE-2015-1539, CVE-2015-3824, CVE-2015-3826, CVE-2015-3827, CVE-2015-3828, CVE-2015-3829. These issues present a risk to all data present on your Android device, which may...

HeartBleed Bug Concern

April 7, 2014 AWS is aware of the HeartBleed Bug (CVE-2014-0160) in OpenSSL and investigating any impact or required remediation. We will post back when we have more detail. April 8, 2014 Update: For the latest updates, please...

Morto Worm Spreading via Remote Desktop Protocol

August 31, 2011 A new Internet worm has been reported that spreads via Microsoft's Remote Desktop Protocol (RDP). This worm scans an infected host's subnet for other hosts running RDP and attempts access to them using a pre-configured set...

MS15-078 Advisory

2015/07/21 - 12:35 PM PST - Update   AWS Elastic Beanstalk We have updated all Elastic Beanstalk Windows containers per MS15-JULY, as described at https://technet.microsoft.com/en-us/library/security/ms15-jul.aspx. Steps to migrate your existing environment to the updated version: 1. Log in...

XSA Security Advisory CVE-2015-3456

2015/05/13 - 5:20 AM PDT   We are aware of the QEMU security issue assigned CVE-2015-3456, also known as "VENOM," which impacts various virtualized platforms. There is no risk to AWS customer data or instances. Information on the Xen-specific...

Xen Security Advisory (XSA-286)

Initial Publication Date: 2020/10/23 5:00PM PST AWS is aware of Xen Security Advisories XSA-286 (https://xenbits.xen.org/xsa/advisory-286.html), XSA-331 (https://xenbits.xen.org/xsa/advisory-331.html), XSA-332 (https://xenbits.xen.org/xsa/advisory-332.html), XSA-345 (https://xenbits.xen.org/xsa/advisory-345.html), XSA-346 (https://xenbits.xen.org/xsa/advisory-346.html), and XSA-347 (https://xenbits.xen.org/xsa/advisory-347.html) released by the Xen Security team on October 20th 2020. Xen...

Xen Security Advisory 337 (XSA-337) (CVE-2020-25595)

Initial Publication Date: 2020/09/22 8:45AM PST CVE Identifier: CVE-2020-25595 AWS is aware of Xen Security Advisory 337 released by the Xen Security team on September 22nd 2020. Nitro based instances are not affected. The issue depends on PCI devices...

Xen Security Advisory 336 (XSA-336) (CVE-2020-25604)

Initial Publication Date: 2020/09/22 8:45AM PST CVE Identifier: CVE-2020-25604 AWS is aware of Xen Security Advisory 336 released by the Xen Security team on September 22nd 2020. Nitro based instances are not affected. Under rare circumstances, a guest may be able...

Container Networking Security Issue (CVE-2020-8558)

Last Updated: 2020/07/09 6:30PM PDT CVE Identifier: CVE-2020-8558 This is an update for this issue. AWS is aware of a security issue, recently disclosed by the Kubernetes community, affecting Linux container networking (CVE-2020-8558). This issue may allow containers running...

Windows CIFS Browser Protocol Heap Corruption Vulnerability

February 18, 2011   An anonymous reporter has publicly announced a previously undisclosed vulnerability affecting the BROWSER protocol on Windows systems. In addition, the reporter has released proof-of-concept exploit code. Use of the code can...

Minimum Version of TLS 1.2 Required for FIPS Endpoints by March 31, 2021

Initial Publication Date: 2020/03/31 11:15AM PDT AWS is updating all AWS Federal Information Processing Standard (FIPS) endpoints to a minimum Transport Layer Security (TLS) version of 1.2 across all AWS Regions by March 31, 2021. This update will...

Universal Health Services Takes $67 Million Hit From Cyberattack

Healthcare services provider Universal Health Services (UHS) last week revealed that a cyberattack it fell victim to in September 2020 had an estimated financial impact of $67 million.

Attacker Expands Use of Malicious SEO Techniques to Distribute Malware

The operators of REvil and Gootkit have begun using a tried and tested technique to distribute additional malware, Sophos says.

Quarter of Healthcare Apps Contain High Severity Bugs

A quarter (25%) of healthcare apps contain high severity flaws, but healthcare organizations (HCOs) are relatively quick to fix them, according to new data from Veracode. The security vendor broke out sector-specific...

Microsoft Teams Issues Major Blow To Zoom With Game-Changing New Security Features

Microsoft Teams has just issued a massive blow to Zoom with the launch of multiple new security features, including the game-changing security feature it was previously lacking.

Kaspersky to Co-Chair Working Group of the Paris Call

Kaspersky has announced it is partnering with Cigref to co-chair the Working Group 6 (WGF) as part of the Paris Call for Trust and Security in Cyberspace initiative. The group...