Security News

Amazon will pay $30 million in fines to settle allegations of privacy violations related to the operation of its Ring video doorbell and Alexa virtual assistant services. According to a proposed order, Ring will have to pay $5.8 million in refunds to consumers and will be barred from profiting from unlawfully obtained consumer videos.

Canonical announced on Tuesday that Ubuntu Pro is available in a subscription-included model on Amazon Web Services. With Ubuntu Pro on AWS, users can launch Ubuntu Pro on-demand instances and purchase Ubuntu Pro compute savings plans directly from the Amazon Elastic Compute Cloud console.

Amazon Inspector is designed to manage vulnerabilities by continuously scanning your AWS workloads for software vulnerabilities and unintended network exposure across your entire organization. Upon activation, Amazon Inspector automatically detects all your Amazon Elastic Compute Cloud instances, container images in Amazon Elastic Container Registry, and AWS Lambda functions on a large scale.

Amazon has banned the sale of the Flipper Zero portable multi-tool for pen-testers as it no longer allows its sale on the platform after tagging it as a card-skimming device. According to notices sent to sellers on Thursday evening, Amazon has now banned Flipper Zero on its platform, tagging it as a "Restricted product."

AWS has been offering Amazon Linux, a cloud-optimized Linux distribution, since 2010. Amazon Linux 2023 is provided at no additional charge.

Starting in April 2023, Amazon S3 will change the default security configuration for all new S3 buckets.For new buckets created after this date, S3 Block Public Access will be enabled, and S3 access control lists will be disabled.

A Canadian system administrator discovered that an Android TV box purchased from Amazon was pre-loaded with persistent, sophisticated malware baked into its firmware. The device in question is the T95 Android TV box with an AllWinner T616 processor, widely available through Amazon, AliExpress, and other big e-commerce platforms.

A severe security flaw in the Amazon ECR Public Gallery could have allowed attackers to delete any container image or inject malicious code into the images of other AWS accounts.Amazon ECR Public Gallery is a public repository of container images used for sharing ready-to-use applications and popular Linux distributions, such as Nginx, EKS Distro, Amazon Linux, CloudWatch agent, and Datadog agent.

A critical security flaw has been disclosed in Amazon Elastic Container Registry Public Gallery that could have been potentially exploited to stage a multitude of attacks, according to cloud security firm Lightspin. "By exploiting this vulnerability, a malicious actor could delete all images in the Amazon ECR Public Gallery or update the image contents to inject malicious code," Gafnit Amiga, director of security research at Lightspin, said in a report shared with The Hacker News.

Amazon Web Services has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. "This attack abuses the AppSync service to assume roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette said in a report published last week.