Security News

In research presented on Wednesday at the Network and Distributed System Security Symposium conference, researchers describe flaws in the process Amazon uses to review third-party Alexa applications known as Skills. "We show that not only can a malicious user publish a Skill under any arbitrary developer/company name, but she can also make backend code changes after approval to coax users into revealing unwanted information," the academics explain in their paper, titled "Hey Alexa, is this Skill Safe?: Taking a Closer Look at the Alexa Skill Ecosystem." [PDF].

Baffle announced that its Data Protection Services supports data de-identification, dynamic data masking and adaptive data security controls for Amazon Redshift. Baffle DPS is the only solution that provides seamless integration with AWS Database Migration Services, AWS Glue, AWS S3 and Redshift without any code changes to provide end-to-end protection of the modern data pipeline.

Three vulnerabilities in the Amazon Kindle e-reader would have allowed a remote attacker to execute code and run it as root - paving the way for siphoning money from unsuspecting users. Yogev Bar-On, researcher at Realmode Labs, found that it was possible to email malicious e-books to the devices via the "Send to Kindle" feature to start a chain of attack - a discovery that earned him $18,000 from the Amazon bug-bounty program.

Amazon has awarded an $18,000 bug bounty for an exploit chain that could have allowed an attacker to take complete control of a Kindle e-reader simply by knowing the targeted user's email address. The first vulnerability in the exploit chain was related to the "Send to Kindle" feature, which allows users to send an e-book in MOBI format to their Kindle device via email as an attachment.

Baffle announced that its Data Protection Services on AWS dramatically simplifies tokenization and encryption of data stored in Amazon Relational Database Service environments without any application code modifications while supporting a Bring Your Own Key or Hold Your Own Key model. As an AWS Select Technology Partner, Baffle DPS gives enterprises the ability to instantly apply data-centric security for data stored in AWS without any application changes.

These posts reportedly included Parler video URLs made up of raw video files with associated embedded metadata - and precise GPS coordinates of where the videos were taken, sparking privacy concerns about the service's data collection. Amazon reportedly informed Parler it was removing it from its web hosting service on Sunday night, essentially stripping it of the infrastructure it relies on to operate.

Data from a breach that occurred five months ago involving Juspay, which handles payments for Amazon and other online retailers in India, has been dumped online, a researcher has found. Security researcher Rajshekhar Rajaharia discovered data of 35 million Indian credit-card holders from a breach of a Juspay server that occurred on Aug. 18, he revealed on Twitter.

We say, "Well, let's take a look at what you're doing right now and see if we can offer a comparable level of security." So they tell us about the setup of their data centers. We say, "Oh my! It seems like we have level five security and your data center has level three security. Are you really comfortable staying where you are?" The customer figures, not only am I going to save money by going with AWS, I also just became aware that I'm not nearly as secure as I thought.

The Dridex malware gang is delivering a nasty gift for the holidays using a spam campaign pretending to be Amazon Gift Cards. Such is the case in a recent phishing campaign discovered by cybersecurity firm Cybereason that pretends to be an Amazon gift certificate sent via email.

France's CNIL data privacy watchdog slapped 135 million euros in fines on US tech titans Google and Amazon for placing advertising cookies on users' computers without consent. The 100-million-euro fine against Google is the largest sanction the regulator has ever imposed, which it justified by the fact 90 percent of French internet users use the firm's search engine.