L1 Terminal Fault Speculative Execution Issue
August 14, 2018 11:00 AM PDT
Intel has published a security advisory (INTEL-SA-00161) regarding a new side-channel analysis method concerning their processors called "L1 Terminal Fault" (L1TF). AWS has designed and implemented its infrastructure with protections against these types...
Linux Kernel SegmentSmack Issue
August 6, 2018 1:00 PM PDT
CVE Identifiers: CVE-2018-5390
AWS is aware of a recently-disclosed security issue, commonly referred to as SegmentSmack, which affects the TCP processing subsystem of several popular operating systems including Linux.
AWS services are operating...
Xen Security Advisory 267 (XSA-267)
June 13, 2018 2:00 PM PDT
CVE Identifiers: CVE-2018-3665
A new speculative execution side-channel issue concerning Intel processors was discovered by AWS in collaboration with Cyberus Technology. We reported this issue immediately to Intel, which has been working...
Additional Processor Speculative Execution Research Disclosures
2018/05/21 2:00 PM PDTCVE Identifiers: CVE-2018-3639
Intel has published a security advisory (SA-00115) regarding new variants of speculative execution side-channel issues concerning their processors.
These issues do not impact AWS infrastructure. No customer’s instance can read the memory of...
Xen Security Advisories 260-262 (XSA-260, XSA-261, XSA-262)
2018/05/08 10:00AM PDT
CVE Identifiers: CVE-2018-8897 The Xen Security Team has released Xen Security Advisories 260, 261 and 262 regarding the Xen hypervisor. AWS customers' data and instances are not affected by this issue, and no customer action...
Processor Speculative Execution Research Disclosure
Concerning: CVE-2017-5715, CVE-2017-5753, CVE-2017-5754
Update As Of: 2018/03/05 3:00 PM PST
This is an update for this issue.
An updated kernel for Amazon Linux is available within the Amazon Linux repositories. EC2 instances launched with the default Amazon Linux...
ROBOT TLS security issue
2017/12/15 07:30 PST
AWS has taken appropriate action to ensure that customer resources and data are not affected by the recently published Return Of Bleichenbacher's Oracle Threat (ROBOT) issue. No action is required of AWS customers.
Xen Security Advisories – October 2017
2017/10/12 05:00 PDT
The Xen Security team has published Security Advisories 236-244 regarding the Xen hypervisor. AWS customers' data and instances are not affected by this issue, and no customer action is required.
Breach at US Retailer SHEIN Hits Over Six Million Users
Breach at US Retailer SHEIN Hits Over Six Million UsersUS fashion retailer SHEIN has admitted suffering a major breach affecting the personal information of over six million customers.
The women’s clothing company revealed at the end of last week that...
Bug? Feature? Power users baffled as BitLocker update switch-off continues
Microsoft claims issue confined to older kit Three months on, users continue to report that Microsoft's BitLocker disk encryption technology turns itself off during security updates.…
UK issues first-ever GDPR notice in connection to Facebook data scandal
Canadian firm AggregateIQ, linked to the Facebook & Cambridge Analytica data scandal, is the first to be put on notice.
Symantec Completes Internal Accounting Investigation
Symantec announced on Monday that it has completed its internal accounting audit, and while some issues have been uncovered, only one customer transaction has an impact on financial statements.
read more
Are Colleges Teaching Real-World Cyber Security Skills?
The cybersecurity skill shortage is a well-recognized industry challenge, but the problem isn’t that there are too few people rather that many of them lack suitable skills and experience. Cybersecurity is a fast-growing profession, and talented graduates are in...
