Security News

Three vulnerabilities in the Amazon Kindle e-reader would have allowed a remote attacker to execute code and run it as root - paving the way for siphoning money from unsuspecting users. Yogev Bar-On, researcher at Realmode Labs, found that it was possible to email malicious e-books to the devices via the "Send to Kindle" feature to start a chain of attack - a discovery that earned him $18,000 from the Amazon bug-bounty program.

Amazon has awarded an $18,000 bug bounty for an exploit chain that could have allowed an attacker to take complete control of a Kindle e-reader simply by knowing the targeted user's email address. The first vulnerability in the exploit chain was related to the "Send to Kindle" feature, which allows users to send an e-book in MOBI format to their Kindle device via email as an attachment.

Baffle announced that its Data Protection Services on AWS dramatically simplifies tokenization and encryption of data stored in Amazon Relational Database Service environments without any application code modifications while supporting a Bring Your Own Key or Hold Your Own Key model. As an AWS Select Technology Partner, Baffle DPS gives enterprises the ability to instantly apply data-centric security for data stored in AWS without any application changes.

These posts reportedly included Parler video URLs made up of raw video files with associated embedded metadata - and precise GPS coordinates of where the videos were taken, sparking privacy concerns about the service's data collection. Amazon reportedly informed Parler it was removing it from its web hosting service on Sunday night, essentially stripping it of the infrastructure it relies on to operate.

Data from a breach that occurred five months ago involving Juspay, which handles payments for Amazon and other online retailers in India, has been dumped online, a researcher has found. Security researcher Rajshekhar Rajaharia discovered data of 35 million Indian credit-card holders from a breach of a Juspay server that occurred on Aug. 18, he revealed on Twitter.

We say, "Well, let's take a look at what you're doing right now and see if we can offer a comparable level of security." So they tell us about the setup of their data centers. We say, "Oh my! It seems like we have level five security and your data center has level three security. Are you really comfortable staying where you are?" The customer figures, not only am I going to save money by going with AWS, I also just became aware that I'm not nearly as secure as I thought.

The Dridex malware gang is delivering a nasty gift for the holidays using a spam campaign pretending to be Amazon Gift Cards. Such is the case in a recent phishing campaign discovered by cybersecurity firm Cybereason that pretends to be an Amazon gift certificate sent via email.

France's CNIL data privacy watchdog slapped 135 million euros in fines on US tech titans Google and Amazon for placing advertising cookies on users' computers without consent. The 100-million-euro fine against Google is the largest sanction the regulator has ever imposed, which it justified by the fact 90 percent of French internet users use the firm's search engine.

Amazon Web Services announced three new analytics capabilities that dramatically improve the performance of Amazon Redshift data warehouses, make it significantly easier for customers to move and combine data across data stores, and make it much simpler for end-users to get more value from their business data using machine learning. AWS customers use a wide variety of analytics tools for different use cases, including Amazon Athena for serverless querying, Amazon Elasticsearch Service for searching and visualizing log data, Amazon Kinesis for processing real-time data streams, Amazon Redshift for data warehousing, and Amazon EMR for running Apache Spark, Hive, Presto, and other big data frameworks.

With just a few clicks in the Amazon DevOps Guru console, historical application and infrastructure metrics like latency, error rates, and request rates for all resources are automatically ingested and analyzed to establish normal operating bounds, and Amazon DevOps Guru then uses a pre-trained machine learning model to identify deviations from the established baseline. Together with Amazon CodeGuru - a developer tool powered by machine learning that provides intelligent recommendations for improving code quality and identifying an application's most expensive lines of code - Amazon DevOps Guru provides customers the automated benefits of machine learning for their operational data so that developers can more easily improve application availability and reliability.