Kubernetes Security Issue (CVE-2018-1002105)
2018/12/04 1:00 PM PST
AWS is aware of a recent security issue within Kubernetes, assigned CVE identifier CVE-2018-1002105. Amazon Elastic Container Service for Kubernetes (EKS) manages the Kubernetes control plane on behalf of customers. Any new clusters launched after...
L1 Terminal Fault Speculative Execution Issue
August 14, 2018 11:00 AM PDT
Intel has published a security advisory (INTEL-SA-00161) regarding a new side-channel analysis method concerning their processors called "L1 Terminal Fault" (L1TF). AWS has designed and implemented its infrastructure with protections against these types...
Linux Kernel SegmentSmack Issue
August 6, 2018 1:00 PM PDT
CVE Identifiers: CVE-2018-5390
AWS is aware of a recently-disclosed security issue, commonly referred to as SegmentSmack, which affects the TCP processing subsystem of several popular operating systems including Linux.
AWS services are operating...
Xen Security Advisory 267 (XSA-267)
June 13, 2018 2:00 PM PDT
CVE Identifiers: CVE-2018-3665
A new speculative execution side-channel issue concerning Intel processors was discovered by AWS in collaboration with Cyberus Technology. We reported this issue immediately to Intel, which has been working...
Additional Processor Speculative Execution Research Disclosures
2018/05/21 2:00 PM PDTCVE Identifiers: CVE-2018-3639
Intel has published a security advisory (SA-00115) regarding new variants of speculative execution side-channel issues concerning their processors.
These issues do not impact AWS infrastructure. No customer’s instance can read the memory of...
Xen Security Advisories 260-262 (XSA-260, XSA-261, XSA-262)
2018/05/08 10:00AM PDT
CVE Identifiers: CVE-2018-8897 The Xen Security Team has released Xen Security Advisories 260, 261 and 262 regarding the Xen hypervisor. AWS customers' data and instances are not affected by this issue, and no customer action...
Processor Speculative Execution Research Disclosure
Concerning: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Update As Of: 2018/03/05 3:00 PM PST
This is an update for this issue.
An updated kernel for Amazon Linux is available within the Amazon Linux repositories. EC2 instances launched with the default Amazon Linux...
ROBOT TLS security issue
2017/12/15 07:30 PST
AWS has taken appropriate action to ensure that customer resources and data are not affected by the recently published Return Of Bleichenbacher's Oracle Threat (ROBOT) issue. No action is required of AWS customers.
Lenovo tells Asia-Pacific staff: Work lappy with your unencrypted data on it has been nicked
That's thousands of employees' names, monthly salaries, bank details Exclusive A corporate-issued laptop lifted from a Lenovo employee in Singapore contained a cornucopia of unencrypted payroll data on staff based in the Asia Pacific region, The Register can exclusively...
Why You Need a BGP Hijack Response Plan
The vast majority of computer security incidents involve some sort of phishing or malware. Typically, this is the type of incident that receives the most attention from organizations, and for which security controls are established. And rightfully so —...
Bug Affected 52.5 Million Users in Connection with a Google+ API
A bug connected to a Google+ API potentially exposed the profile information belonging to 52.5 million users of Google’s social network. According to David Thacker, VP of Product Management for G Suite, a software update in November introduced the...
Why Have We Become Desensitised To Cyber-Attacks?
1989 was of a year of positive milestones which would have a profound impact on the way we live and work today. The World Wide Web was invented, the Berlin Wall was torn down, and the first GPS satellite...
Quarter of NHS Trusts Have No Security Pros
Quarter of NHS Trusts Have No Security ProsNew research has revealed a dearth of qualified cybersecurity staff in the NHS and low levels of spending on in-house training for employees.
RedScan received Freedom of Information (FOI) responses from 159 trusts...
