Saturday, July 20, 2019
AWS

Kubernetes Security Issue (CVE-2019-11246)

July 02, 2019 2:00 PM PDT CVE Identifier: CVE-2019-11246 AWS is aware of a security vulnerability (CVE-2019-11246) in the Kubernetes kubectl tool that could allow a malicious container to replace or create files on a user's workstation. If a...
AWS

Linux Kernel TCP SACK Denial of Service Issues

June 17, 2019 10:00AM PDT CVE Identifiers: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479 AWS is aware of three recently-disclosed issues which affect the TCP processing subsystem of the Linux kernel. Specifically, a malicious TCP client or server can transmit a specially crafted series...
AWS

Intel Quarterly Security Release (QSR) 2019.1

May 14, 2019 10:00 AM PDT CVE Identifiers: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 Xen Security Advisories: XSA-297 Intel has published a security advisory (INTEL-SA-00233) regarding new information disclosure methods "Microarchitectural Data Sampling" (MDS) related to their processors. In parallel, the Xen...
AWS

Kubernetes Security Issues (CVE-2019-1002101 and CVE-2019-9946)

March 28, 2019 10:00AM PDT AWS is aware of two recently disclosed security issues in Kubernetes (CVE-2019-1002101 and CVE-2019-9946). With the exception of the AWS services listed below, no customer action is required to address these issues. Amazon Elastic...
AWS

Container Security Issue (CVE-2019-5736)

February 11, 2019 7:00 AM PST CVE Identifier: CVE-2019-5736 AWS is aware of the recently disclosed security issue which affects several open-source container management systems (CVE-2019-5736). With the exception of the AWS services listed below, no customer action is...
AWS

Kubernetes Security Issues (CVE-2018-18264 and kubectl proxy)

January 4, 2019 9:00 AM PST AWS is aware of the two recent security issues disclosed within Kubernetes regarding the Kubernetes API server ("kubectl proxy"), and the Kubernetes Dashboard (CVE-2018-18264). Amazon Elastic Container Service for Kubernetes (EKS) is not...
AWS

Kubernetes Security Issue (CVE-2018-1002105)

2018/12/04 1:00 PM PST AWS is aware of a recent security issue within Kubernetes, assigned CVE identifier CVE-2018-1002105. Amazon Elastic Container Service for Kubernetes (EKS) manages the Kubernetes control plane on behalf of customers. Any new clusters launched after...
AWS

L1 Terminal Fault Speculative Execution Issue

August 14, 2018 11:00 AM PDT Intel has published a security advisory (INTEL-SA-00161) regarding a new side-channel analysis method concerning their processors called "L1 Terminal Fault" (L1TF). AWS has designed and implemented its infrastructure with protections against these types...
AWS

Linux Kernel SegmentSmack Issue

August 6, 2018 1:00 PM PDT CVE Identifiers: CVE-2018-5390 AWS is aware of a recently-disclosed security issue, commonly referred to as SegmentSmack, which affects the TCP processing subsystem of several popular operating systems including Linux. AWS services are operating...

Cisco Patches Critical Flaw in Vision Dynamic Signage Director

Cisco this week released a security patch for the Vision Dynamic Signage Director, to address a Critical vulnerability that could allow attackers to execute arbitrary actions on the local system.  Tracked as CVE-2019-1917, the vulnerability was found in the REST...

The Great Hack: the film that goes behind the scenes of the Facebook data scandal

This week, a Netflix documentary on Cambridge Analytica sheds light on one of the most complex scandals of our time. Carole Cadwalladr, who broke the story and appears in the film, looks at the fallout – and finds ‘surveillance...
SecurityWeek

Scotland Yard Twitter and Emails Hacked

London's Metropolitan Police apologised Saturday after its Twitter, emails and news pages were targeted by hackers and began pumping out a series of bizarre messages. read more

Browser Extensions Scraped Data From Millions of People

Slack passwords, NSO spyware, and more of the week's top security news.
ZDNet

Hackers breach FSB contractor, expose Tor deanonymization project and more

SyTech, the hacked company, was working on research projects for the FSB, Russia's intelligence service.