Security News

Abusing AWS SSM Agent as a RAT. AWS Systems Manager is an Amazon-signed binary and comprehensive endpoint management system used by administrators for configuration, patching, and monitoring AWS ecosystems comprising EC2 instances, on-premise servers, or virtual machines. Mitiga's discovery is that the SSM agent can be configured to run in "Hybrid" mode even from within the limits of an EC2 instance, allowing access to assets and servers from attacker-controlled AWS accounts.

The U.S. Justice Department and the Federal Trade Commission announced that Amazon has agreed to pay a $25 million fine to settle alleged children's privacy laws violations related to the company's Alexa voice assistant service. Amazon also faces a $5 million fine for privacy violations associated with its Ring video doorbell service.

In collaboration with Microsoft, Amazon has announced the general availability of its AppStore on Windows 11 for all developers. This means more apps and games are coming to Windows 11 as Amazon developers can now easily access the AppStore for Windows and bring their Amazon Store apps to Microsoft's platform.

A former Amazon manager described by prosecutors as the "Mastermind" behind a nearly $10 million scheme to steal money from the online megaretailer using fake invoices has been sentenced to 16 years behind bars in federal prison. Amazon Warehouse ops manager Kayricka Wortham - also known as "Kayricka Dupree" and "Kayricka Young" - pleaded guilty to fraud charges in the US on November 30, and allegedly committed more crimes while on release after posting bond.

The Federal Trade Commission says Amazon allegedly used dark patterns to trick millions of users into enrolling in its Prime program and trapping them by making it as difficult as possible to cancel the automatically-renewing subscriptions. In the complaint, the FTC says Amazon's deceptive techniques manipulated consumers into signing up for Prime subscriptions without even knowing it, violating both the Restore Online Shoppers' Confidence Act and the FTC Act.

The U.S. Federal Trade Commission has fined Amazon a cumulative $30.8 million over a series of privacy lapses regarding its Alexa assistant and Ring security cameras. Amazon has also agreed to fork out an additional $5.8 million in consumer refunds for breaching users' privacy by permitting any employee or contractor to gain broad and unfettered access to private videos recorded using Ring cameras.

The e-tail giant's Ring home security cam subsidiary was accused of "Compromising its customers' privacy by allowing any employee or contractor to access consumers' private videos and by failing to implement basic privacy and security protections, enabling hackers to take control of consumers' accounts, cameras, and videos." The FTC complaint also alleges Ring knew its cloud services were susceptible to credential stuffing and brute-force attacks but did little to stymie such efforts.

Amazon will pay $30 million in fines to settle allegations of privacy violations related to the operation of its Ring video doorbell and Alexa virtual assistant services. According to a proposed order, Ring will have to pay $5.8 million in refunds to consumers and will be barred from profiting from unlawfully obtained consumer videos.

Canonical announced on Tuesday that Ubuntu Pro is available in a subscription-included model on Amazon Web Services. With Ubuntu Pro on AWS, users can launch Ubuntu Pro on-demand instances and purchase Ubuntu Pro compute savings plans directly from the Amazon Elastic Compute Cloud console.

Amazon Inspector is designed to manage vulnerabilities by continuously scanning your AWS workloads for software vulnerabilities and unintended network exposure across your entire organization. Upon activation, Amazon Inspector automatically detects all your Amazon Elastic Compute Cloud instances, container images in Amazon Elastic Container Registry, and AWS Lambda functions on a large scale.