Security News
Amazon Web Services announced Amazon FinSpace, a purpose-built analytics service that reduces the time it takes FSI organizations to find, prepare, and analyze financial data from months to minutes. Amazon FinSpace provides an easy-to-use web application that gives analysts at hedge funds, asset management firms, insurance companies, investment banks, and other FSI organizations access to the information they need and the ability to run powerful analytics on demand across all of their data.
Qumulo announced support for Amazon Nimble Studio, a new service that enables customers to set up creative studios in hours instead of weeks, with elasticity that gives them near limitless scale and access to rendering on demand. Together with high-performance file data management from Qumulo, customers can unlock remote content creation workflows at massive scale and performance across nearly every aspect of the media and entertainment data lifecycle on AWS global infrastructure at petabyte scale, with real-time visibility, predictive caching, and a comprehensive API. Powered by Amazon Elastic Compute Cloud G4 instances, Amazon Nimble Studio virtual workstations provide on-demand compute power to handle the demands of even the most challenging content creation needs.
Amazon Web Services announced the general availability of AQUA for Amazon Redshift, an innovative new distributed and hardware-accelerated cache that delivers up to ten times better query performance than other enterprise cloud data warehouses. AQUA brings compute to the storage layer, helping customers avoid networking bandwidth limitations by eliminating unnecessary data movement between where data is stored and compute clusters.
This month, Mozilla has announced plans to phase out support for the Firefox web browser app on the Amazon Fire TV product line. Although Firefox will be no longer supported on Fire TV effective at the end of this month, Amazon Silk web browser app remains available to Fire TV users.
This month, Mozilla has announced plans to phase out support for the Firefox web browser app on the Amazon Fire TV product line. Although Firefox will be no longer supported on Fire TV effective at the end of this month, Amazon Silk web browser app remains available to Fire TV users.
The US Justice Department on Friday announced the arrest of Seth Aaron Pendley, 28, for allegedly planning to blow up a single Amazon data center in Ashburn, Virginia, which he thought would knock out around 70 per cent of the internet. The tipser who turned Pendley in is said to have provided authorities with the poster's email address, which was registered by Pendley.
Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow inside the npm public code repository - all of which exfiltrate sensitive information. The packages weaponize a proof-of-concept code dependency-confusion exploit that was recently devised by security researcher Alex Birsan to inject rogue code into developer projects.
Threat actors are targeting Amazon, Zillow, Lyft, and Slack NodeJS apps using a new 'Dependency Confusion' vulnerability to steal Linux/Unix password files and open reverse shells back to the attackers. When hosted on public repositories, including npm, PyPI, and RubyGems, dependency managers would use the packages on the public repo rather than the company's internal packages when building the application.
Researchers have uncovered gaps in Amazon's skill vetting process for the Alexa voice assistant ecosystem that could allow a malicious actor to publish a deceptive skill under any arbitrary developer name and even make backend code changes after approval to trick users into giving up sensitive information. Amazon Alexa allows third-party developers to create additional functionality for devices such as Echo smart speakers by configuring "Skills" that run on top of the voice assistant, thereby making it easy for users to initiate a conversation with the skill and complete a specific task.
An Amazon spokesperson told Threatpost that the company conducts security reviews as part of skill certification, and has systems in place to continually monitor live skills for potentially malicious behavior. Finally, before the skills can be actively made public to Alexa users, developers must submit their skills to be vetted and verified by Amazon.