Security News
What is the best way to deliver business continuity in today's rapidly changing environment? You need agile deployments that seamlessly scale and deliver high availability, while maintaining security and ensuring regulatory compliance. To enable your organization to move faster, FortiGate Next Generation Firewall provides AI/ML driven advanced threat protection and scalable VPN connectivity to your AWS workloads.
Fortinet's partnership with AWS ensures your workloads and applications on AWS are protected by best-in-class security solutions. With simplified security management, full visibility across environments, and broad, comprehensive protection, gain the ultimate flexibility and control you need to build in the cloud.
Learn how you can simplify security management, ensure full visibility, and achieve broad protection across your workloads and applications. The post The Key to Optimizing Cloud Security on AWS...
The nature of the expanding attack surface and advanced threats necessitates broader, more comprehensive protection. Security architects tasked with designing, implementing, and maintaining security for AWS environments should look for comprehensive solutions that deliver multilayer protections which augment native AWS tools.
On Thursday, Orca Security published details about Superglue and BreakingFormation, vulnerabilities in AWS Glue and AWS Cloud Formation that allowed attackers to access data for other customers and to access files and make server-side requests to internal web services infrastructure. "During our research, we were able to identify a feature in AWS Glue that could be exploited to obtain credentials to a role within the AWS service's own account, which provided us full access to the internal service API," explained Yanir Tsarimi in a blog post.
Amazon Web Services has addressed an AWS Glue security issue that allowed attackers to access and alter data linked to other AWS customer accounts. The flaw stemmed from an exploitable AWS Glue feature and an internal service API misconfiguration that allowed Orca Security security researchers to escalate privileges to gain access to all service resources in the region.
Amazon Web Services has addressed an AWS Glue security issue that allowed attackers to access and alter data linked to other AWS customer accounts. The flaw stemmed from an exploitable AWS Glue feature and an internal service API misconfiguration that allowed Orca Security security researchers to escalate privileges to gain access to all service resources in the region.
Ravkoo, a US Internet-based pharmacy service, has disclosed a data breach after the company's AWS hosted cloud prescription portal was involved in a security incident that may have led to personal and health information being accessed. "Ravkoo utilizes AWS cloud services for online hosting of its prescription portal. On September 27, 2021, Ravkoo detected that this portal was the target of a cybersecurity attack," the pharmacy said in data breach notification letters sent to 105,000 affected customers on January 3.
Gaming giant SEGA Europe recently discovered that its sensitive data was being stored in an unsecured Amazon Web Services S3 bucket during a cloud-security audit, and it's sharing the story to inspire other organizations to double-check their own systems. The laundry list of SEGA's potentially exposed data is nauseating - API keys, internal messaging systems, cloud systems, user data and more.
Major services across the internet are currently facing ongoing networking outages. "We are experiencing issues with file uploads, message editing, and other services. We're currently investigating the issue and will provide a status update once we have more information," Slack has confirmed, with its status page continuing to show further disruptions.