Security News

Palo Alto Networks security researchers identified more than 20 Amazon Web Services APIs that can be abused to obtain information such as Identity and Access Management users and roles. The same attack could be leveraged to abuse 22 APIs across 16 different AWS services to obtain the roster of an account, get a glimpse into an organization's internal structure, and leverage the information to launch targeted attacks against specific individuals.

Amazon Web Services on Tuesday announced the general availability of AWS Network Firewall, a managed security service designed to help customers protect their virtual networks. AWS Network Firewall can easily be enabled from the AWS Console for specified virtual private cloud environments, and the company says there are no extra charges for users - customers pay for the service based on hours deployed and gigabytes processed.

Amazon Web Services announced the general availability of AWS Network Firewall, a new managed security service that makes it easier for customers to enable network protections across all of their AWS workloads. AWS provides protections to help customers secure their networks, such as AWS Web Application Firewall to protect internet-facing web applications, AWS Shield to safeguard against Distributed Denial of Service attacks, and AWS Firewall Manager which provides central management and visibility across all firewall controls on AWS. While these and other protections combine to provide highly secure and flexible layers of defense, many customers also want a simple way to apply and manage blanket network protections across all of their workloads.

Data analysts and data scientists have wanted an easier way to clean and transform this data, and that's what DataBrew delivers, with a service that allows data exploration and experimentation directly from AWS data lakes, data warehouses, and databases without writing code. AWS Glue DataBrew is a visual data preparation tool for AWS Glue that allows data analysts and data scientists to clean and transform data with an interactive, point-and-click visual interface, without writing any code.

Child-friendly games website Animal Jam suffered a hack that exposed 46 million user records after a staff Slack channel was compromised by malicious people who discovered a private AWS key. Animal Jam chief exec Clary Stacey confirmed the hack after Bleeping Computer spotted information from the compromised AWS server being posted on stolen data bazaar raidforums[.

Checkmarx announced major milestones in its relationship with Amazon Web Services, bringing its software security solutions to AWS Marketplace and earning AWS DevOps Competency status. With these moves, Checkmarx is delivering greater simplicity, flexibility, and confidence to customers looking to deploy application security testing solutions into their AWS CI/CD pipelines.

Amazon Web Services announced the general availability of Amazon Elastic Compute Cloud P4d instances, the next generation of GPU-powered instances delivering 3x faster performance, up to 60% lower cost, and 2.5x more GPU memory for machine learning training and high-performance computing workloads when compared to previous generation P3 instances. Using P4d instances with AWS's Elastic Fabric Adapter and NVIDIA GPUDirect RDMA, customers are able to create P4d instances with EC2 UltraClusters capability.

Wipro announced the launch of its dedicated Wipro AWS Business Group, a unit designed to help customers fast-track their cloud transformation journey on AWS. WABG merges Wipro's diverse industry experience and comprehensive portfolio of services with AWS's industry-leading cloud platforms to help organizations worldwide drive business acceleration, enhance customer experience, and leverage connected insights. The Wipro AWS Business Group will house more than 10,000 AWS-certified consultants, along with specialized teams focusing on business development, talent creation, solution development, and delivery execution.

This week, Amazon announced AWS Nitro Enclaves, a new feature of EC2 that will allow customers to securely process highly sensitive data and protect it when it must be unencrypted at the point of use by providing an isolated environment for data processing. "With this isolation, the AWS Nitro Enclave owner can start and stop, or assign resources to an Enclave, but even the owner cannot see what is being processed inside of AWS Nitro Enclaves. AWS also announced the launch of AWS Certificate Manager for Nitro Enclaves, a new Enclave application that makes it easy for customers to protect and manage Secure Sockets Layer/Transport Layer Security certificates for their web servers running on Amazon EC2.".

AWS Nitro Enclaves helps customers reduce the attack surface for their applications by providing a trusted, highly isolated, and hardened environment for data processing. With this isolation, the AWS Nitro Enclave owner can start and stop, or assign resources to an Enclave, but even the owner cannot see what is being processed inside of AWS Nitro Enclaves.