Friday, June 5, 2020
AWS

Minimum Version of TLS 1.2 Required for FIPS Endpoints by March 31, 2021

Initial Publication Date: 2020/03/31 11:15AM PDT. AWS is updating all AWS Federal Information Processing Standard (FIPS) endpoints to a minimum Transport Layer Security (TLS) version of 1.2 across all AWS Regions by March 31, 2021. This update will...
AWS

Kubernetes Security Issue (CVE-2019-11249)

Last Updated: August 15, 2019 9:00AM PDT. CVE Identifier: CVE-2019-11249. AWS is aware of a security issue (CVE-2019-11249) which resolves incomplete fixes for CVE-2019-1002101 and CVE-2019-11246. Like the aforementioned CVEs, the issue is in the Kubernetes kubectl tool that...
AWS

Kubernetes Security Issue (CVE-2019-11246)

July 02, 2019 2:00 PM PDT. CVE Identifier: CVE-2019-11246. AWS is aware of a security vulnerability (CVE-2019-11246) in the Kubernetes kubectl tool that could allow a malicious container to replace or create files on a user's workstation. If a...
AWS

[v2] Linux Kernel TCP SACK Denial of Service Issues

Last Updated: June 17, 2019 14:15PM PDT. CVE Identifiers: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479. This is an update for this issue. Updated Linux kernels for Amazon Linux are available in the Amazon Linux repositories, and updated Amazon Linux AMIs are available for...
AWS

[v3] Linux Kernel TCP SACK Denial of Service Issues

Last Updated: June 17, 2019 17:00PM PDT. CVE Identifiers: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479. This is an update for this issue. AWS Elastic Beanstalk: Updated AWS Elastic Beanstalk Linux-based platform versions are available. Customers using Managed Platform Updates will be automatically updated...
AWS

[v1] Linux Kernel TCP SACK Denial of Service Issues

You are viewing a previous version of this security bulletin. For the most current version please visit: "Linux Kernel TCP SACK Denial of Service Issues". June 17, 2019 10:00AM PDT. CVE Identifiers: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479. AWS is aware of three...
AWS

Linux Kernel TCP SACK Denial of Service Issues

June 17, 2019 10:00AM PDT. CVE Identifiers: CVE-2019-11477, CVE-2019-11478, CVE-2019-11479. AWS is aware of three recently-disclosed issues which affect the TCP processing subsystem of the Linux kernel. Specifically, a malicious TCP client or server can transmit a specially crafted series...

Spear Phishing Campaign Hits Developer Collaboration System Users

Users of Zeplin, a popular developer and designer collaboration system, have been hit with new waves of spearphishing attacks in the last month.
The Register

British Army pulls up its SOC: New regiment to do infosec work even civvies will recognise

That's Systems Operating Centre to you. Chuffed with that, says Royal Signals brigadier. The British Army has raised a new regiment that will take charge of its in-house security operations centre, a move calculated to make cyber defence a...

FTC Slams Children’s App Developer for COPPA Violations

Children's app developer HyperBeard must pay $150,000 after the FTC claimed it violated privacy laws.
SecurityWeek

Business Services Provider Conduent Hit by Ransomware

Business process services provider Conduent has been the victim of a ransomware attack that appears to be the work of Maze operators. Formed in 2017 as a divestiture from Xerox and headquartered in New Jersey, the company offers digital platforms...
SC Magazine

Cisco security advisories address 47 flaws, three critical

Cisco Systems on Wednesday, June 3 released a series of security advisories addressing a total of 47 vulnerabilities, including three critical bugs that were found and fixed in IOS or IOS XE software. Among the most serious flaws is a...