Tuesday, September 25, 2018

L1 Terminal Fault Speculative Execution Issue

August 14, 2018 11:00 AM PDT Intel has published a security advisory (INTEL-SA-00161) regarding a new side-channel analysis method concerning their processors called "L1 Terminal Fault" (L1TF). AWS has designed and implemented its infrastructure with protections against these types...

Linux Kernel SegmentSmack Issue

August 6, 2018 1:00 PM PDT CVE Identifiers: CVE-2018-5390 AWS is aware of a recently-disclosed security issue, commonly referred to as SegmentSmack, which affects the TCP processing subsystem of several popular operating systems including Linux. AWS services are operating...

Xen Security Advisory 267 (XSA-267)

June 13, 2018 2:00 PM PDT CVE Identifiers: CVE-2018-3665 A new speculative execution side-channel issue concerning Intel processors was discovered by AWS in collaboration with Cyberus Technology. We reported this issue immediately to Intel, which has been working...

Additional Processor Speculative Execution Research Disclosures

2018/05/21 2:00 PM PDTCVE Identifiers: CVE-2018-3639 Intel has published a security advisory (SA-00115) regarding new variants of speculative execution side-channel issues concerning their processors. These issues do not impact AWS infrastructure. No customer’s instance can read the memory of...

Xen Security Advisories 260-262 (XSA-260, XSA-261, XSA-262)

2018/05/08 10:00AM PDT CVE Identifiers: CVE-2018-8897 The Xen Security Team has released Xen Security Advisories 260, 261 and 262 regarding the Xen hypervisor. AWS customers' data and instances are not affected by this issue, and no customer action...

Processor Speculative Execution Research Disclosure

Concerning: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 Update As Of: 2018/03/05 3:00 PM PST This is an update for this issue. An updated kernel for Amazon Linux is available within the Amazon Linux repositories. EC2 instances launched with the default Amazon Linux...

ROBOT TLS security issue

2017/12/15 07:30 PST AWS has taken appropriate action to ensure that customer resources and data are not affected by the recently published Return Of Bleichenbacher's Oracle Threat (ROBOT) issue. No action is required of AWS customers.  

Xen Security Advisories – October 2017

2017/10/12 05:00 PDT The Xen Security team has published Security Advisories 236-244 regarding the Xen hypervisor. AWS customers' data and instances are not affected by this issue, and no customer action is required.

Breach at US Retailer SHEIN Hits Over Six Million Users

Breach at US Retailer SHEIN Hits Over Six Million UsersUS fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers. The women’s clothing company revealed at the end of last week that...
The Register

Bug? Feature? Power users baffled as BitLocker update switch-off continues

Microsoft claims issue confined to older kit Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…

UK issues first-ever GDPR notice in connection to Facebook data scandal

Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.

Symantec Completes Internal Accounting Investigation

Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements. read more

Are Colleges Teaching Real-World Cyber Security Skills?

The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...