Reported AWS Glue Issue
Initial Publication Date: 2022/01/13 13:00 PST
A security researcher recently reported an issue that allowed them to take actions as the AWS Glue service. Utilizing an AWS Glue feature, researchers obtained credentials specific to the service itself, and an...
Reported AWS CloudFormation Issue
Initial Publication Date: 2022/01/13 13:00 PST
Security researchers recently identified and reported an issue in AWS CloudFormation. Specifically, the reported issue was in the AWS CloudFormation service itself, which allowed viewing of some local configuration files on an AWS-internal...
AWSSupportServiceRolePolicy Informational Update
Between December 21, 2021 at 23:48 UTC and December 22, 2021 at 08:23 UTC, the policy used by AWS Support automated systems - AWSSupportServiceRolePolicy - inadvertently included S3:GetObject permissions. This change has been reverted. While these permissions were temporarily...
Update for Apache Log4j2 Issue (CVE-2021-44228)
Initial Publication Date: 2021/12/11 7:30 PM PDT
AWS is aware of the recently disclosed security issue relating to the open-source Apache “Log4j2" utility (CVE-2021-44228). We are actively monitoring this issue, and are working on addressing it for any AWS...
Apache Log4j2 Issue (CVE-2021-44228)
Initial Publication Date: 2021/12/10 7:20 PM PDT
AWS is aware of the recently disclosed security issue relating to the open-source Apache “Log4j2" utility (CVE-2021-44228). We are actively monitoring this issue, and are working on addressing it for any AWS...
Xen Security Advisories (XSA-372, 373, 374, 375, and 377)
Initial Publication Date: 2021/06/08 3:30 PM PDT
The Xen Security Team has released Xen Security Advisories 372, 373, 374, 375, and 377 regarding the Xen hypervisor. AWS customers’ data and instances are not affected by this issue, and no...
runC Security Issue (CVE-2021-30465)
Initial Publication Date: 2021/06/08 2:20 PM PDT
AWS is aware of the recently disclosed security issue in runC which is a component of many container management systems (CVE-2021-30465). With the exception of the AWS services listed below, no customer action...
Resolved: Application Load Balancer Session Ticket Issue
Initial Publication Date: 2021/04/26 10:20 AM PDT
On April 13th, 2021, AWS became aware of an edge case that affected how some Application Load Balancers (ALB) handled key rotation for TLS/SSL session ticket encryption. This edge case was...
Sudo Security Issue (CVE-2021-3156)
Initial Publication Date: 2021/01/26 2:11PM PST
CVE Identifier: CVE-2021-3156
AWS is aware of the security issue recently disclosed by the open source community affecting the Linux "sudo" utility (CVE-2021-3156). This issue may permit unprivileged users to run privileged commands....
Test Your Team, Not Just Your Disaster Recovery Plan
Cyberattacks imperil business continuity, but there is a much more common security threat — unintentional human error.
Dark Souls servers taken down following discovery of critical vulnerability
Enlarge (credit: The_Grim_Sleeper)
Bandai Namco, publisher of the Dark Souls role-playing game series, has taken down its player-versus-player servers while it investigates reports of a serious vulnerability that allows players...
Linux Servers at Risk of RCE Due to Critical CWP Bugs
The two flaws in Control Web Panel – a popular web hosting management software used by 200K+ servers – allow code execution as root on Linux servers.
Trickbot Injections Get Harder to Detect & Analyze
The authors of the infamous malware family have added measures for better protecting malicious code injections against inspection and research.
AT&T announces multi-gigabit fiber: $110 a month for 2Gbps, $180 for 5Gbps
Enlarge (credit: Getty Images | zf L)
AT&T has started offering 2Gbps and 5Gbps symmetrical Internet speeds over its fiber-to-the-home network, the telecom company announced today. The multi-gigabit speeds are...
