Security News

BAE Systems announced a new offering created on Amazon Web Services to deliver complete anti-money laundering regulatory compliance solutions. The solution is supported by the availability, reliability and security of AWS and offers banks and financial institutions the opportunity to quickly stand up an affordable integrated financial crime regulatory compliance solution.

Which cybersecurity failures cost companies the most and which defenses have the highest ROI?Massachusetts Institute of Technology scientists have created a cryptographic platform that allows companies to securely share data on cyber attacks they suffered and the monetary cost of their cybersecurity failures without worrying about revealing sensitive information to their competitors or damaging their own reputation. Essential features of security automation for the AWS platformA common security problem in AWS is an open S3 storage bucket where data is publicly readable on the Internet.

Amazon Web Services announced that Indeed, the world's leading job site, has selected AWS as its preferred cloud. As part of the multi-year agreement, Indeed will migrate more than 30 petabytes of data to AWS, moving its customer-facing products, business-critical workloads, and legacy databases to AWS. As a result of the move, Indeed expects to reduce its global data center footprint by 40% while streamlining its overall IT operations.

Application developers are not security specialists, and likely do not have the knowledge and skills to find and fix security issues in a timely manner. The AWS cloud platform is ripe for security automation.

Amazon Web Services, an Amazon Company, announced general availability of io2, the next generation Provisioned IOPS SSD volumes for Amazon Elastic Block Store. Io2 volumes are priced the same as io1 volumes, keeping the same predictable cost for EBS customers, but now support 10x higher IOPS-to-storage ratio and up to 500 IOPS for every provisioned GB, so that customers can get more performance without increasing their storage spend.

"With AWS Control Tower, it only takes a few clicks for enterprise organizations to provision new AWS accounts that conform to company-wide policies," said Chris Grusz, Director, AWS Marketplace, Amazon Web Services, Inc. "The Aviatrix cloud networking solution uniquely offers a network factory for AWS Control Tower. With AWS Control Tower account factory ensuring account control governance, customers will benefit from Aviatrix's new capabilities that make certain the network infrastructure supporting those accounts is secure and correctly deployed every time." AWS Service Catalog enables organizations to create and manage catalogs of approved IT services for use on AWS. The Aviatrix cloud network platform provides the prescriptive transit network architecture and operational visibility that meets enterprise cloud networking and security requirements.

The AWS marketplace also includes tens of thousands of Community AMIs. "The issue is with the Community AMIs and that there are no checks and balances. Anybody can create one and put it in the Community AMI library. That includes ones with malicious executables."

Threatpost editors discuss a cryptomining malware targeting AWS systems, a recent development in a lawsuit against the IBM-owned Weather Channel app, and more. Listen to the full podcast below or download direct here.

Cado Security has identified a crypto-mining worm that attempts to steal Amazon Web Services credentials belonging to the organizations whose systems it has infected. The TeamTNT worm can also scan for open Docker APIs, execute Docker images and install itself.

A cryptomining worm from the group known as TeamTNT is spreading through the Amazon Web Services cloud and collecting credentials. Attacking AWS. The attack starts with targeting the way that AWS stores credentials in an unencrypted file at ~/.aws/credentials, and additional configuration details in a file at ~/.aws/config.