Security news aggregator

Latest coverage for Amazon (company)

Amazon provides cloud and online services whose vulnerabilities, security advisories, and supply-chain risks can affect users and organizations.

28 headlines in this view

Refine the feed

Search across headline titles and summaries.

Tag briefing

Background for this topic.

Amazon provides a large-scale cloud computing platform and an extensive e-commerce marketplace, both widely used across industries. Its cloud services offer infrastructure for hosting applications, storing data, and managing complex workflows, while its marketplace facilitates transactions between millions of buyers and sellers. These environments involve diverse user roles, APIs, and integrations with third-party services, creating multiple points of interaction and potential exposure.

Security risks include misconfigured cloud resources, such as storage buckets or access policies that unintentionally allow public or excessive permissions, leading to data exposure or unauthorized use. The e-commerce platform faces threats like account takeovers targeting customer or seller accounts, and fraud exploiting payment or order systems. Mitigating these risks requires strict identity and access management controls, continuous monitoring for unusual activity, and thorough validation of third-party components to prevent exploitation within Amazon’s complex ecosystem.

Volume over time

Weekly headline count for the current query.

Showing 20 most recent headlines of 28 Filtered view

Autonomous Remediation Tools AdvanceCloud computing mainstay Amazon Web Services has taken a look at the vulnerability apocalypse and pronounced it fit for a business opportunity. Today the Seattle company entered a new battleground of platforms with the launch of its new family of security agents that it calls Continuum.

Bank Info Security 2 months, 2 weeks ago

OpenAI Trades Azure Exclusivity for Enterprise Reach

Renegotiated Pact With Microsoft Clears OpenAI Path to Enterprise CloudsOpenAI has launched its models and tools on Amazon Web Services, one day after revising its agreement with Microsoft to end years of cloud exclusivity, a move likely driven by competitive pressure from Anthropic's hold on enterprise AWS customers.

Felicis-Led Series A Backs Telemetry Correlation Across Cloud, Identity, EndpointsArtemis, a New York startup led by former Amazon GuardDuty product leader Shachar Hirshberg, emerged from stealth with $70 million to build an AI-driven SIEM alternative that correlates telemetry across enterprise environments, tailors detections and speeds investigations.

Bank Info Security 4 months, 2 weeks ago

Amazon Says Drone Strikes Disrupted Middle East Data Centers

Iranian Cyberespionage Group MuddyWater Goes DarkPhysical effects rather than cyber strikes are triggering Middle Eastern connectivity problems during day four of a sustained U.S. and Israeli bombing campaign against Iran. Iran is responding with drone and missile attacks targeting U.S. military as well as British bases in Bahrain, Cyprus.

Misconfigured Customer Network Edge Devices' Under Fire, Warn ResearchersMisconfigured edge devices hosted in the cloud are giving nation-state hackers carte blanche to access Western critical infrastructure, warn threat intelligence experts at Amazon, who tied exploits of AWS customers' device administrator portals to Russia's GRU military intelligence agency.

Europe Tries, Tries Again Amid Transatlantic UncertaintyEuropean cloud users love hyperscalers - but they’re all American. Microsoft, Google and Amazon Web Services together hold 70% of the European market, with local providers mustering a mere 15% collectively. That landscape could soon change in the face of geopolitical reality.

Bank Info Security 7 months ago

UK ICO Fines LastPass Over 2022 Data Breach

Password Manager Must Pay 1.2M PoundsThe British data regulator imposed a fine of 1.2 million pounds against password manager LastPass over a 2022 data breach that exposed the data of millions of its customers. Unidentified hackers stole backup data from LastPass's Amazon Web Services S3 bucket.

Bank Info Security 8 months, 2 weeks ago

OpenAI Signs $38B Deal With Amazon for Compute

AWS to Build Server Clusters, Nvidia to Supply Chips for 7 YearsLoss-making OpenAI added to a string deals with a $38 billion commitment on Monday to using compute resources provided by Amazon Web Services. The AI giant said AWS will build out server clusters using Nvidia flagship Blackwell chips for the next seven years.

Bank Info Security 8 months, 3 weeks ago

AWS Partially Restores Service Affected by Global Outage

Cloud Giant Blames DNS MisconfigurationAmazon Web Services is recovering from a service outage that affected its own services and dozens of its clients on Monday including websites of the British government. The cloud computing giant - the world's largest - blamed a domain name system misconfiguration.

Bank Info Security 8 months, 3 weeks ago

AWS Partially Restores Service Impacted in Global Outage

Cloud Giant Blames DNS MisconfigurationAmazon Web Services is recovering from a service outage that impacted its own services and dozens of its clients on Monday including websites of the British government. The cloud computing giant - the world's largest - blamed a domain name system misconfiguration.

Bank Info Security 10 months, 2 weeks ago

Navy Federal Credit Union Backup Exposed Online

Researcher: Internal Data Belonging to World’s Largest Lender Exposed on AWSNavy Federal, the world’s largest credit union, left hundreds of gigabytes of internal backup files exposed on Amazon’s cloud storage service, says cybersecurity researcher Jeremiah Fowler. Exposed data included email addresses, hashed passwords and what appeared to be internal system data.

Insights on the Expanding Threat Landscape from AWS and DeloitteAs geopolitical tensions rise, companies face an expanding threat landscape - particularly through IoT and OT vulnerabilities that leave cloud infrastructures at risk, said PJ Hamlen at Amazon Web Services, and Julie Bernard at Deloitte & Touche LLP.

Bank Info Security 1 year, 3 months ago

Fake Out: Babuk2 Ransomware Group Claims Bogus Victims

What Do You Mean, Hospital-Targeting Sociopath Ransomware Wielders Continue to Lie?A ransomware group reusing the Babuk ransomware brand claims to have stolen data from the likes of Amazon, Delta and US Bank. Just one problem: Security experts found a startling overlap between its claimed victims and previous attacks scored by the likes of Clop, LockBit and RansomHub.

Bank Info Security 1 year, 4 months ago

Lawsuit: Amazon Violates Washington State Health Data Law

Experts Say First Class Action Claim Under State's Privacy Law Won't Be the LastA proposed class action lawsuit alleges that Amazon is unlawfully collecting and tracking mobile users' data - including sensitive geolocation - in violation of Washington's My Health My Data Act. It's the first such lawsuit filed since the data privacy law went into effect last year.

Bank Info Security 1 year, 4 months ago

Lawsuit: Amazon Violated Washington State Health Data Law

Experts Say First Class Action Claim Under State's Privacy Law Won't Be the LastA proposed class action lawsuit alleges that Amazon is unlawfully collecting and tracking mobile users' data - including sensitive geolocation - in violation of Washington State's My Health My Data Act. It's the first such lawsuit filed since the data privacy law went into effect last year.

Bank Info Security 1 year, 5 months ago

Amazon Details Measures to Counter S3 Encryption Hacks

Hackers Using Valid Customer Credentials to Re-Encrypt S3 ObjectsAmazon is urging its customers to deploy additional security measures to secure S3 buckets following reports of ransomware attacks targeting the platform. The company said mitigations prevented "a high percentage of attempts from succeeding."

Bank Info Security 1 year, 6 months ago

Ransomware Campaign Targets Amazon S3 Buckets

Threat Actor 'Codefinger' Targets Cloud EnvironmentsA ransomware group is targeting Amazon S3 buckets, exploiting the data stored there using AWS’s server-side encryption with customer keys and demanding a ransom in exchange for the encryption key needed to unlock the data. The group uses compromised or publicly exposed AWS account credentials.

Bank Info Security 1 year, 7 months ago

AWS Unveils Future of Enterprise AI and Cloud at re:Invent

CEO Matt Garman Envisions New Era of Compute, Storage and Generative AI innovationAmazon Web Services hopes to redefine enterprise innovation in the cloud with a slew of announcements made during CEO Matt Garman's keynote speech at re:Invent 2024 in Las Vegas about advancements in compute, storage, databases, generative AI and analytics.

Bank Info Security 1 year, 9 months ago

Breach Roundup: Brazilian Police Arrest USDoD

Also: Internet Archive Limps Back Online, Beware Kerbertoasing and Passkey TakeupThis week, Brazilian police arrested USDoD, Internet Archive is recovering, a Microsoft warning over Kerberoasting and of mounting phishing attacks, Google touted memory safety efforts, Volkswagen said no harm after ransomware attack, and Amazon reported over 175 million customers using passkeys.

Loading more headlines...