Security News

Amazon Web Services has launched an independent cloud for Europe designed for public sector customers and companies operating in highly regulated industries within the European Union. The AWS Sovereign Cloud will operate both "Physically and logically" separate from AWS's existing cloud regions and has been engineered specifically to meet the data residency and regulatory requirements of European customers.

Canonical announced on Tuesday that Ubuntu Pro is available in a subscription-included model on Amazon Web Services. With Ubuntu Pro on AWS, users can launch Ubuntu Pro on-demand instances and purchase Ubuntu Pro compute savings plans directly from the Amazon Elastic Compute Cloud console.

Amazon Web Services has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. "This attack abuses the AppSync service to assume roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette said in a report published last week.

How phishing attacks are exploiting Amazon Web Services. Cybercriminals prefer to use legitimate sites and services in their phishing scams, not just to trick unsuspecting victims but to sneak past security scanners that would otherwise block traffic from a suspicious site.

Amazon Web Services has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability affecting cloud or on-premise environments running Java applications with a vulnerable version of the Log4j logging library or containers. The hot patch packages from Amazon are not exclusive to AWS resources and allowed escaping a container in the environment and taking control of the host.

Trustwave announced the Trustwave Fusion platform is now also hosted on Amazon Web Services GovCloud, providing U.S. government agencies and suppliers threat detection and response services to help address the constantly shifting threat landscape while meeting stringent U.S. Federal government security requirements. The cloud-native Trustwave Fusion platform delivers the first U.S.-only managed threat detection and response services hosted on AWS GovCloud and is in the process of FedRAMP authorization.

Kryon launched the industry's first cloud-based Full Cycle Automation-as-a-Service platform. Powered by Amazon Web Services, Kryon's FCAaaS pushes the boundaries of automation by combining Process Discovery, RPA, and actionable analytics in one unified platform.

A series of recent phishing attacks tried to take advantage of organizations that use Amazon Web Services. In one phishing campaign reported to KnowBe4, the attackers created a basic, no-frills scam to harvest the credentials of AWS users.

Datadog's integration with Amazon EFS for AWS Lambda brings single-click correlation between AWS Lambda and the underlying Elastic File System. "We are excited to see Datadog integrating support for Amazon EFS for AWS Lambda into their serverless monitoring at launch," said Adam Fergus, Manager, DevOps at Fiix.

The emails spoof an automated notification from AWS to try to capture Amazon account credentials, according to Abnormal Security. A blog post published Wednesday by security provider Abnormal Security describes how phishing attacks are taking advantage of Amazon Web Services to steal user credentials.