Security News

Amazon Web Services announced AWS App Runner, a fully managed container application service that makes it easier and faster for customers to build, deploy, and run containerized web applications and APIs with just a few clicks. Customers simply provide their source code, container image, or deployment pipeline and AWS App Runner builds and deploys the web application or API, load balances network traffic, scales capacity up or down based on demand, monitors application health, and encrypts traffic by default.

Security researchers have documented an attack technique that may allow attackers to leverage a legitimate Amazon VPC feature to mask their use of stolen API credentials inside AWS. The feature and its exploitation potential. The feature that allows customers to control their IP addresses also allows attackers to control the IP address written to AWS CloudTrail logs when accessing a compromised account via a newly created VPC endpoint.

ChaosSearch announced immediate availability of the ChaosSearch Data Lake Platform in AWS Marketplace. Now, AWS customers can easily consume ChaosSearch's solution directly from AWS Marketplace and within their existing AWS contracts.

MariaDB announced major new updates to MariaDB SkySQL cloud database, including expanded support for Amazon Web Services. Xpand is now GA in SkySQL and is at least a third less expensive than other distributed SQL options in AWS or Google Cloud Platform.

Nutanix announced the Nutanix cloud platform now extends to AWS GovCloud, providing a unified cloud platform across Nutanix on-premises and bare metal Amazon Elastic Compute Cloud instances running on Amazon Web Services GovCloud region. This new solution helps enable U.S. public sector organizations looking for the strengthened security posture offered by AWS GovCloud to adopt the same software stack across their private and public clouds, providing the flexibility to choose the right cloud for each application.

Amazon Web Services announced Amazon FinSpace, a purpose-built analytics service that reduces the time it takes FSI organizations to find, prepare, and analyze financial data from months to minutes. Amazon FinSpace provides an easy-to-use web application that gives analysts at hedge funds, asset management firms, insurance companies, investment banks, and other FSI organizations access to the information they need and the ability to run powerful analytics on demand across all of their data.

With the announcement today, Sysdig launched the first runtime security detection and response solution for AWS Fargate that provides detailed audit logs to respond to incidents. Sysdig's runtime detection for AWS Fargate is based on open source Falco, the runtime security tool created by Sysdig and contributed to the Cloud Native Computing Foundation.

A latest report shared with The Hacker News detailed how the BeVigil search engine identified over 40 apps - with more than a cumulative 100 million downloads - that had hardcoded private Amazon Web Services keys embedded within them, putting their internal networks and their users' data at risk of cyberattacks. The findings are the result of an analysis of over 10,000 apps submitted to CloudSEK's BeVigil, a mobile app security search engine.

Lacework has announced that it has extended native security support for Amazon Web Services services including AWS Graviton2 and AWS Fargate. These additions give Lacework customers using AWS in-depth security visibility, threat detection, configuration compliance, and context into cloud security data and changes for all compute types: virtual machines, containers, containers as services, containers on demand, bare metal and serverless.

From backup and disaster recovery for Amazon Elastic Kubernetes Services, disaster recovery across AWS Regions or Availability Zones, and new backup capabilities for AWS focused on cost optimization and security to safeguard companies from malicious intent. Zerto backup and disaster recovery for Amazon EKS is a new offering that integrates backup and disaster recovery into the application deployment lifecycle for Amazon EKS. Organizations can now easily protect, recover, and move any Kubernetes application and its persistent data for a native, data protection as code experience.