Security News

A security flaw in Amazon's Kindle e-reader made it vulnerable to malicious eBooks, opening the door to turning the devices into bots, compromising personal information and more. Check Point disclosed the bug to Amazon in February, and it was fixed in April; Amazon released patched firmware to be automatically installed on every Kindle connected to the internet.

Now patched by Amazon, security vulnerabilities found by Check Point would have given attackers access to a Kindle device and its stored data. Amazon Kindle owners could have exposed themselves to a remote control attack simply by opening the wrong e-book.

Amazon earlier this April addressed a critical vulnerability in its Kindle e-book reader platform that could have been potentially exploited to take full control over a user's device, resulting in the theft of sensitive information by just deploying a malicious e-book. "By sending Kindle users a single malicious e-book, a threat actor could have stolen any information stored on the device, from Amazon account credentials to billing information," Yaniv Balmas, head of cyber research at Check Point, said in an emailed statement.

CISA has announced the launch of Joint Cyber Defense Collaborative, a partnership across public and private sectors focused on defending US critical infrastructure from ransomware and other cyber threats. The new initiative's goal is to allow CISA to develop cyber defense plans in collaboration with federal agencies, SLTT partners, and private sector orgs for national resilience against malicious cyber activity targeting critical infrastructure.

Amazon was fined 746 million euros by Luxembourg authorities over allegations it flouted the EU's data protection rules, the online retail giant said Friday. The fine was issued July 16 by the Luxembourg National Commission for Data Protection following its determination that "Amazon's processing of personal data did not comply with the EU General Data Protection Regulation," Amazon said in a securities filing.

Amazon has quietly been hit with a record-breaking €746 million fine for alleged GDPR violations regarding how it performs targeted behavioral advertising. In an SEC Form 10-Q filed today, Amazon states that this massive fine came out of CNPD in July 2021, which fined them for improper processing of personal data.

Threat Stack announced it has expanded its AWS Fargate Security Monitoring to include Amazon Elastic Kubernetes Service. Using the Threat Stack Cloud Security Platform, businesses can gain full-stack observability into AWS EKS on AWS Fargate within minutes to detect threats and maintain compliance throughout their cloud infrastructure.

Amazon Web Services announced the general availability of Amazon HealthLake, a HIPAA-eligible service for healthcare and life sciences organizations to ingest, store, query, and analyze their health data at scale. Using Amazon HealthLake, organizations can easily move their FHIR-formatted health data from on-premises systems to a secure data lake in the cloud.

Perception Point announced its Advanced Threat Protection service for Amazon Web Services environments to protect joint customers' data and stop malicious content - files and URLs - from infiltrating their Amazon Simple Storage Service buckets. Enterprises and innovative SaaS vendors are increasingly storing their internal data as well files received from external sources in Amazon S3 buckets.

Amazon-owned Ring has announced starting the worldwide roll out of video End-to-End Encryption to customers with compatible devices. "Today, we're proud to announce that we're moving it out of technical preview and expanding the feature's availability to customers around the world," Ring said.