Security News
Amazon Web Services has launched an independent cloud for Europe designed for public sector customers and companies operating in highly regulated industries within the European Union. The AWS Sovereign Cloud will operate both "Physically and logically" separate from AWS's existing cloud regions and has been engineered specifically to meet the data residency and regulatory requirements of European customers.
Microsoft said today that the Exchange Web Services API for Exchange Online and Office 365 will be retired in approximately three years. These resources can be retrieved from various sources, including Exchange Online, Exchange Online as part of Office 365, and on-premises editions of Exchange.
Call it BEC 3.0 - phishing attacks that bury the hook in legitimate web services like Dropbox. SEE: Another hide-the-malware attack focuses on DNS. "Leveraging legitimate websites to host malicious content is a surefire way to get into the inbox," he said.
Canonical announced on Tuesday that Ubuntu Pro is available in a subscription-included model on Amazon Web Services. With Ubuntu Pro on AWS, users can launch Ubuntu Pro on-demand instances and purchase Ubuntu Pro compute savings plans directly from the Amazon Elastic Compute Cloud console.
Amazon Web Services has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources. "This attack abuses the AppSync service to assume roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette said in a report published last week.
Amazon Web Services has resolved a cross-tenant vulnerability in its platform that could be weaponized by an attacker to gain unauthorized access to resources."This attack abuses the AppSync service to assume roles in other AWS accounts, which allows an attacker to pivot into a victim organization and access resources in those accounts," Datadog researcher Nick Frichette said in a report published last week.
How phishing attacks are exploiting Amazon Web Services. Cybercriminals prefer to use legitimate sites and services in their phishing scams, not just to trick unsuspecting victims but to sneak past security scanners that would otherwise block traffic from a suspicious site.
Amazon Web Services has fixed four security issues in its hot patch from December that addressed the critical Log4Shell vulnerability affecting cloud or on-premise environments running Java applications with a vulnerable version of the Log4j logging library or containers. The hot patch packages from Amazon are not exclusive to AWS resources and allowed escaping a container in the environment and taking control of the host.
In a paper distributed this month through ArXiv, they describe a HTTP protocol called HTTPS Attestable to enhance online security with remote attestation - a way for apps to obtain an assurance that data will be handled by trusted software in secure execution environments. "We propose a general solution to standardize attestation over HTTPS and establish multiple trusted connections to protect and manage requested data for selected HTTP domains," they say.
Trustwave announced the Trustwave Fusion platform is now also hosted on Amazon Web Services GovCloud, providing U.S. government agencies and suppliers threat detection and response services to help address the constantly shifting threat landscape while meeting stringent U.S. Federal government security requirements. The cloud-native Trustwave Fusion platform delivers the first U.S.-only managed threat detection and response services hosted on AWS GovCloud and is in the process of FedRAMP authorization.