Security News

Built on Mac mini computers, EC2 Mac instances enable customers to run on-demand macOS workloads in the AWS cloud for the first time ever, extending the flexibility, scalability, and cost benefits of AWS to all Apple developers. Similar to other Amazon EC2 instances, customers can easily use EC2 Mac instances together with AWS services and features like Amazon Virtual Private Cloud for network security, Amazon Elastic Block Storage for expandable storage, Amazon Elastic Load Balancer for distributing build queues, and Amazon Machine Images for OS image orchestration.

A rather complex phishing scheme for stealing Office 365 credentials from small and medium-sized businesses in the U.S. and Australia combines cloud services from Oracle and Amazon into its infrastructure. According to their research, the threat actor sends phishing messages from compromised email accounts and uses Amazon Web Services and Oracle Cloud in the redirect chain.

Amazon Web Services announced the general availability of Amazon Managed Workflows for Apache Airflow, a new managed service that makes it easy for data engineers to execute data processing workflows in the cloud. Amazon MWAA makes it easy for customers to build and execute Apache Airflow workflows in AWS. Amazon MWAA manages the provisioning and ongoing maintenance of Apache Airflow so customers no longer need to worry about patching, scaling, or securing self-managed Apache Airflow implementations.

Imagine someone hacking into an Amazon Alexa device using a laser beam and then doing some online shopping using that person account. The same team that last year mounted a signal-injection attack against a range of smart speakers merely by using a laser pointer are still unraveling the mystery of why the microelectro-mechanical systems microphones in the products turn the light signals into sound.

Matt Lewis, with NCC Group, talks to Threatpost about a slew of security and privacy issues found in smart doorbells that are being sold on Amazon and eBay. Researchers have found serious security and privacy issues in 11 different smart doorbells, distributed via online marketplaces like Amazon and eBay, which could be exploited by attackers to physically switch off the devices.

Tufin announced it will integrate with AWS Network Firewall, a new managed service that makes it easy to deploy essential network protections for all Amazon Virtual Private Clouds on Amazon Web Services, on-premise data centers and other cloud platforms for full visibility across the enterprise. "AWS is a very important cloud provider for our customers today and into the future, which is why we are excited to expand our collaboration and be a Launch Partner for AWS Network Firewall," said Pamela Cyr, Senior Vice President of Business and Corporate Development, Tufin.

Instagram and TikTok social-media influencers Kelly Fitzpatrick and Sabrina Kelly-Krejci are among 13 defendants in a lawsuit filed by Amazon, which alleges that they participated in an an online scam to sell counterfeit luxury goods. Counterfeit goods are strictly forbidden in the Amazon marketplace, but generic products - often called "Dupes" - are allowed.

Amazon Web Services announced the general availability of Amazon Elastic Compute Cloud P4d instances, the next generation of GPU-powered instances delivering 3x faster performance, up to 60% lower cost, and 2.5x more GPU memory for machine learning training and high-performance computing workloads when compared to previous generation P3 instances. Using P4d instances with AWS's Elastic Fabric Adapter and NVIDIA GPUDirect RDMA, customers are able to create P4d instances with EC2 UltraClusters capability.

Amazon has fired an employee who shared customers' names and email addresses with a third party. Amazon did not comment on an inquiry from Threatpost asking how many customers were impacted, and what the role of the Amazon employee was.

Amazon has recently terminated employees responsible for leaking customer data, including their email addresses, to an unaffiliated third-party in violation of company policies. "Did anyone else get a weird email from Amazon about this data breach or was I just targeted solo?" tweeted entrepreneur Zain Jaffer.