Tuesday, December 11, 2018
AWS

Kubernetes Security Issue (CVE-2018-1002105)

2018/12/04 1:00 PM PST AWS is aware of a recent security issue within Kubernetes, assigned CVE identifier CVE-2018-1002105. Amazon Elastic Container Service for Kubernetes (EKS) manages the Kubernetes control plane on behalf of customers. Any new clusters launched after...
AWS

L1 Terminal Fault Speculative Execution Issue

August 14, 2018 11:00 AM PDT Intel has published a security advisory (INTEL-SA-00161) regarding a new side-channel analysis method concerning their processors called "L1 Terminal Fault" (L1TF). AWS has designed and implemented its infrastructure with protections against these types...
AWS

Linux Kernel SegmentSmack Issue

August 6, 2018 1:00 PM PDT CVE Identifiers: CVE-2018-5390 AWS is aware of a recently-disclosed security issue, commonly referred to as SegmentSmack, which affects the TCP processing subsystem of several popular operating systems including Linux. AWS services are operating...
AWS

Xen Security Advisory 267 (XSA-267)

June 13, 2018 2:00 PM PDT CVE Identifiers: CVE-2018-3665 A new speculative execution side-channel issue concerning Intel processors was discovered by AWS in collaboration with Cyberus Technology. We reported this issue immediately to Intel, which has been working...
AWS

Additional Processor Speculative Execution Research Disclosures

2018/05/21 2:00 PM PDT CVE Identifiers: CVE-2018-3639 Intel has published a security advisory (SA-00115) regarding new variants of speculative execution side-channel issues concerning their processors. These issues do not impact AWS infrastructure. No customer’s instance can read the memory of...
AWS

Xen Security Advisories 260-262 (XSA-260, XSA-261, XSA-262)

2018/05/08 10:00AM PDT CVE Identifiers: CVE-2018-8897 The Xen Security Team has released Xen Security Advisories 260, 261 and 262 regarding the Xen hypervisor. AWS customers' data and instances are not affected by this issue, and no customer action...
AWS

Processor Speculative Execution Research Disclosure

Concerning: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754 Update As Of: 2018/03/05 3:00 PM PST This is an update for this issue. An updated kernel for Amazon Linux is available within the Amazon Linux repositories. EC2 instances launched with the default Amazon Linux...
AWS

ROBOT TLS security issue

2017/12/15 07:30 PST AWS has taken appropriate action to ensure that customer resources and data are not affected by the recently published Return Of Bleichenbacher's Oracle Threat (ROBOT) issue. No action is required of AWS customers.  
The Register

Lenovo tells Asia-Pacific staff: Work lappy with your unencrypted data on it has been nicked

That's thousands of employees' names, monthly salaries, bank details. Exclusive: A corporate-issued laptop lifted from a Lenovo employee in Singapore contained a cornucopia of unencrypted payroll data on staff based in the Asia Pacific region, The Register can exclusively...
IBM Security

Why You Need a BGP Hijack Response Plan

The vast majority of computer security incidents involve some sort of phishing or malware. Typically, this is the type of incident that receives the most attention from organizations, and for which security controls are established. And rightfully so —...
Tripwire

Bug Affected 52.5 Million Users in Connection with a Google+ API

A bug connected to a Google+ API potentially exposed the profile information belonging to 52.5 million users of Google’s social network. According to David Thacker, VP of Product Management for G Suite, a software update in November introduced the...
isBuzz

Why Have We Become Desensitised To Cyber-Attacks?

1989 was a year of positive milestones which would have a profound impact on the way we live and work today. The World Wide Web was invented, the Berlin Wall was torn down, and the first GPS satellite...

Quarter of NHS Trusts Have No Security Pros

New research has revealed a dearth of qualified cybersecurity staff in the NHS and low levels of spending on in-house training for employees. RedScan received Freedom of Information (FOI) responses from 159 trusts...