Security News

Amazon faces $30 million fine over Ring, Alexa privacy violations
2023-05-31 20:44

Amazon will pay $30 million in fines to settle allegations of privacy violations related to the operation of its Ring video doorbell and Alexa virtual assistant services. According to a proposed order, Ring will have to pay $5.8 million in refunds to consumers and will be barred from profiting from unlawfully obtained consumer videos.

Ubuntu Pro now available on Amazon Web Services
2023-05-04 18:36

Canonical announced on Tuesday that Ubuntu Pro is available in a subscription-included model on Amazon Web Services. With Ubuntu Pro on AWS, users can launch Ubuntu Pro on-demand instances and purchase Ubuntu Pro compute savings plans directly from the Amazon Elastic Compute Cloud console.

Amazon Inspector allows search of its vulnerability intelligence database
2023-05-04 03:45

Amazon Inspector is designed to manage vulnerabilities by continuously scanning your AWS workloads for software vulnerabilities and unintended network exposure across your entire organization. Upon activation, Amazon Inspector automatically detects all your Amazon Elastic Compute Cloud instances, container images in Amazon Elastic Container Registry, and AWS Lambda functions on a large scale.

Flipper Zero banned by Amazon for being a ‘card skimming device’
2023-04-07 09:01

Amazon has banned the sale of the Flipper Zero portable multi-tool for pen-testers on its platform after tagging it as a card-skimming device. According to notices sent to sellers on Thursday evening, Amazon has now banned Flipper Zero on its platform, tagging it as a "Restricted product."

Amazon Linux 2023: Create and execute cloud-based applications with enhanced security
2023-03-16 08:30

AWS has been offering Amazon Linux, a cloud-optimized Linux distribution, since 2010. Amazon Linux 2023 is provided at no additional charge.

Amazon S3 to apply security best practices for all new buckets
2023-02-07 09:45

Starting in April 2023, Amazon S3 will change the default security configuration for all new S3 buckets. For new buckets created after this date, S3 Block Public Access will be enabled, and S3 access control lists will be disabled.

Android TV box on Amazon came pre-installed with malware
2023-01-12 20:41

A Canadian system administrator discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware baked into its firmware. The device in question is the T95 Android TV box with an AllWinner T616 processor, widely available through Amazon, AliExpress, and other big e-commerce platforms.

Amazon ECR Public Gallery flaw could have wiped or poisoned any image
2022-12-13 14:00

A severe security flaw in the Amazon ECR Public Gallery could have allowed attackers to delete any container image or inject malicious code into the images of other AWS accounts. Amazon ECR Public Gallery is a public repository of container images used for sharing ready-to-use applications and popular Linux distributions, such as Nginx, EKS Distro, Amazon Linux, CloudWatch agent, and Datadog agent.

Serious Attacks Could Have Been Staged Through This Amazon ECR Public Gallery Vulnerability
2022-12-13 13:58

A critical security flaw has been disclosed in Amazon Elastic Container Registry Public Gallery that could have been potentially exploited to stage a multitude of attacks, according to cloud security firm Lightspin. "By exploiting this vulnerability, a malicious actor could delete all images in the Amazon ECR Public Gallery or update the image contents to inject malicious code," Gafnit Amiga, director of security research at Lightspin, said in a report shared with The Hacker News.

Researchers Detail AppSync Cross-Tenant Vulnerability in Amazon Web Services
2022-11-28 11:56

Amazon Web Services has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. "This attack abuses the AppSync service to assume roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette said in a report published last week.