Intel Quarterly Security Release (QSR) 2019.1
May 14, 2019 10:00 AM PDT
CVE Identifiers: CVE-2018-12126, CVE-2018-12127, CVE-2018-12130, CVE-2019-11091
Xen Security Advisories: XSA-297
Intel has published a security advisory (INTEL-SA-00233) regarding new information disclosure methods "Microarchitectural Data Sampling" (MDS) related to their processors. In parallel, the Xen...
Kubernetes Security Issues (CVE-2019-1002101 and CVE-2019-9946)
March 28, 2019 10:00AM PDT
AWS is aware of two recently disclosed security issues in Kubernetes (CVE-2019-1002101 and CVE-2019-9946). With the exception of the AWS services listed below, no customer action is required to address these issues.
Amazon Elastic...
Container Security Issue (CVE-2019-5736)
February 11, 2019 7:00 AM PST
CVE Identifier: CVE-2019-5736
AWS is aware of the recently disclosed security issue which affects several open-source container management systems (CVE-2019-5736). With the exception of the AWS services listed below, no customer action is...
Kubernetes Security Issues (CVE-2018-18264 and kubectl proxy)
January 4, 2019 9:00 AM PST
AWS is aware of the two recent security issues disclosed within Kubernetes regarding the Kubernetes API server ("kubectl proxy"), and the Kubernetes Dashboard (CVE-2018-18264). Amazon Elastic Container Service for Kubernetes (EKS) is not...
Kubernetes Security Issue (CVE-2018-1002105)
2018/12/04 1:00 PM PST
AWS is aware of a recent security issue within Kubernetes, assigned CVE identifier CVE-2018-1002105. Amazon Elastic Container Service for Kubernetes (EKS) manages the Kubernetes control plane on behalf of customers. Any new clusters launched after...
L1 Terminal Fault Speculative Execution Issue
August 14, 2018 11:00 AM PDT
Intel has published a security advisory (INTEL-SA-00161) regarding a new side-channel analysis method concerning their processors called "L1 Terminal Fault" (L1TF). AWS has designed and implemented its infrastructure with protections against these types...
Linux Kernel SegmentSmack Issue
August 6, 2018 1:00 PM PDT
CVE Identifiers: CVE-2018-5390
AWS is aware of a recently-disclosed security issue, commonly referred to as SegmentSmack, which affects the TCP processing subsystem of several popular operating systems including Linux.
AWS services are operating...
Xen Security Advisory 267 (XSA-267)
June 13, 2018 2:00 PM PDT
CVE Identifiers: CVE-2018-3665
A new speculative execution side-channel issue concerning Intel processors was discovered by AWS in collaboration with Cyberus Technology. We reported this issue immediately to Intel, which has been working...
Additional Processor Speculative Execution Research Disclosures
2018/05/21 2:00 PM PDTCVE Identifiers: CVE-2018-3639
Intel has published a security advisory (SA-00115) regarding new variants of speculative execution side-channel issues concerning their processors.
These issues do not impact AWS infrastructure. No customer’s instance can read the memory of...
Amnesty sues maker of Pegasus, the spyware let in by WhatsApp zero day
Amnesty International, which was sent the Pegasus spyware via a WhatsApp message, is seeking to stop NSO Group’s "web of surveillance."
Rats leave the sinking ship as hackers’ forum gets hacked
The OGUsers forum, which trades in hijacked social accounts, has been hacked, its hard drives wiped, and its user database published online.
US Warns Chinese Drones May Steal Data: Report
Washington has warned that Chinese-made drones could be giving spy agencies in Beijing "unfettered access" to stolen data, according to a report in American media.
The Department of Homeland Security sent out an alert on Monday flagging drones built in...
iPhone gyroscopes, of all things, can uniquely ID handsets on anything earlier than iOS 12.2
Cheapskate fandroids get a pass on this one, though Your iPhone can be uniquely fingerprinted by apps and websites in a way that you can never clear. Not by deleting cookies, not by clearing your cache, not even by...
How Technology and Politics Are Changing Spycraft
Interesting article about how traditional nation-based spycraft is changing. Basically, the Internet makes it increasingly possible to generate a good cover story; cell phone and other electronic surveillance techniques make tracking people easier; and machine learning will make all...
