Tuesday, May 21, 2019
AWS

Intel Quarterly Security Release (QSR) 2019.1

May 14, 2019 10:00 AM PDT CVE Identifiers: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091 Xen Security Advisories: XSA-297 Intel has published a security advisory (INTEL-SA-00233) regarding new information disclosure methods "Microarchitectural Data Sampling" (MDS) related to their processors. In parallel, the Xen...
AWS

Kubernetes Security Issues (CVE-2019-1002101 and CVE-2019-9946)

March 28, 2019 10:00AM PDT AWS is aware of two recently disclosed security issues in Kubernetes (CVE-2019-1002101 and CVE-2019-9946). With the exception of the AWS services listed below, no customer action is required to address these issues. Amazon Elastic...
AWS

Container Security Issue (CVE-2019-5736)

February 11, 2019 7:00 AM PST CVE Identifier: CVE-2019-5736 AWS is aware of the recently disclosed security issue which affects several open-source container management systems (CVE-2019-5736). With the exception of the AWS services listed below, no customer action is...
AWS

Kubernetes Security Issues (CVE-2018-18264 and kubectl proxy)

January 4, 2019 9:00 AM PST AWS is aware of the two recent security issues disclosed within Kubernetes regarding the Kubernetes API server ("kubectl proxy"), and the Kubernetes Dashboard (CVE-2018-18264). Amazon Elastic Container Service for Kubernetes (EKS) is not...
AWS

Kubernetes Security Issue (CVE-2018-1002105)

2018/12/04 1:00 PM PST AWS is aware of a recent security issue within Kubernetes, assigned CVE identifier CVE-2018-1002105. Amazon Elastic Container Service for Kubernetes (EKS) manages the Kubernetes control plane on behalf of customers. Any new clusters launched after...
AWS

L1 Terminal Fault Speculative Execution Issue

August 14, 2018 11:00 AM PDT Intel has published a security advisory (INTEL-SA-00161) regarding a new side-channel analysis method concerning their processors called "L1 Terminal Fault" (L1TF). AWS has designed and implemented its infrastructure with protections against these types...
AWS

Linux Kernel SegmentSmack Issue

August 6, 2018 1:00 PM PDT CVE Identifiers: CVE-2018-5390 AWS is aware of a recently-disclosed security issue, commonly referred to as SegmentSmack, which affects the TCP processing subsystem of several popular operating systems including Linux. AWS services are operating...
AWS

Xen Security Advisory 267 (XSA-267)

June 13, 2018 2:00 PM PDT CVE Identifiers: CVE-2018-3665 A new speculative execution side-channel issue concerning Intel processors was discovered by AWS in collaboration with Cyberus Technology. We reported this issue immediately to Intel, which has been working...
AWS

Additional Processor Speculative Execution Research Disclosures

2018/05/21 2:00 PM PDT CVE Identifiers: CVE-2018-3639 Intel has published a security advisory (SA-00115) regarding new variants of speculative execution side-channel issues concerning their processors. These issues do not impact AWS infrastructure. No customer’s instance can read the memory of...

Amnesty sues maker of Pegasus, the spyware let in by WhatsApp zero day

Amnesty International, which was sent the Pegasus spyware via a WhatsApp message, is seeking to stop NSO Group’s "web of surveillance."

Rats leave the sinking ship as hackers’ forum gets hacked

The OGUsers forum, which trades in hijacked social accounts, has been hacked, its hard drives wiped, and its user database published online.
SecurityWeek

US Warns Chinese Drones May Steal Data: Report

Washington has warned that Chinese-made drones could be giving spy agencies in Beijing "unfettered access" to stolen data, according to a report in American media. The Department of Homeland Security sent out an alert on Monday flagging drones built in...
The Register

iPhone gyroscopes, of all things, can uniquely ID handsets on anything earlier than iOS 12.2

Cheapskate fandroids get a pass on this one, though

Your iPhone can be uniquely fingerprinted by apps and websites in a way that you can never clear. Not by deleting cookies, not by clearing your cache, not even by...
Bruce Schneier

How Technology and Politics Are Changing Spycraft

Interesting article about how traditional nation-based spycraft is changing. Basically, the Internet makes it increasingly possible to generate a good cover story; cell phone and other electronic surveillance techniques make tracking people easier; and machine learning will make all...