Amazon Q flaw let booby-trapped Git repos execute code, swipe cloud creds
Researchers warn many AI coding assistants now execute commands from project configurations
Yasna brings together recent headlines from selected sources and makes them easier to sort with tags, filters, and search.
Search across headline titles and summaries.
Weekly headline count for the current query.
Researchers warn many AI coding assistants now execute commands from project configurations
EU-only ops, German subsidiaries, and a pinky promise your data won't end up in Uncle Sam's hands Amid continued trade and geopolitical volatility between Europe and the US, Amazon Web Services is making its European Sovereign Cloud generally available today and plans to expand so-called Dedicated Local Zones.…
'Within 10 minutes of gaining initial access, crypto miners were operational' Your AWS account could be quietly running someone else's cryptominer. Cryptocurrency thieves are using stolen Amazon account credentials to mine for coins at the expense of AWS customers, abusing their Elastic Container Service (ECS) and their Elastic Compute Cloud (EC2) resources, in an ongoing operation that started on November 2.…
Last year's winner scored a $65M funding round on a $300M valuation Cloud and AI security startups have two weeks to apply for a program that fast-tracks access to investors and mentors from Amazon Web Services, CrowdStrike, and Nvidia.…
Plus adds a ton more security capabilities for cloud customers at re:Inforce Amazon Web Services hit a major multi-factor authentication milestone, achieving 100 percent MFA enforcement for root users across all types of AWS accounts.…
Web souk says Echo hardware doesn't have the oomph for next-gen AI anyway Come March 28, those who opted to have their voice commands for Amazon's AI assistant Alexa processed locally on their Echo devices will lose that option, with all spoken requests pushed to the cloud for analysis.…
PLUS: Salt Typhoon and IT worker scammers sanctioned; Alibaba Cloud’s K8s go global; Amazon acquires Indian BNPL company Asia In Brief When food delivery “superapps” started operations in Indonesia, users started putting on weight – and that’s not an entirely bad thing.…
Tap into the infinite scalability... of pricing Re:Invent Amazon Web Services has a new incident response service that combines automation and people to protect customers' AWS accounts - at a hefty price.…
Remember Bucket Monopoly? Yeah, it gets worse Amazon Web Services has fixed a flaw in its open source Cloud Development Kit that, under the right conditions, could allow an attacker to hijack a user's account completely.…
Outsourcers outsourced work for the BBC, Amazon, and HBO Max to the hermit kingdom A misconfigured cloud server that used a North Korean IP address has led to the discovery that film production studios including the BBC, Amazon, and HBO Max could be inadvertently hiring workers from the hermit kingdom for animation projects.…
ALSO: Amazon's child-sized COPPA fine, smart tech security labels coming to the US, and this week's critical vulns Infosec in brief A security weakness in Google Cloud Build could have allowed attackers to tamper with organizations' code repositories and application images, according to Orca Security researchers.…
Why limit yourself to only stealing AWS credentials? A criminal crew with a history of deploying malware to harvest credentials from Amazon Web Services accounts may expand its attention to organizations using Microsoft Azure and Google Cloud Platform.…
It's not Amazon's fault buckets are exposed, but the loaded shotgun and your foot are all ready and waiting Amazon wants you to know that it's not to blame for the data you've exposed though its cloud storage service. AWS Simple Storage Service (S3) is, after all, simple.…
Datadog security researchers found the flaw before miscreants did Amazon Web Services (AWS) fixed a cross-tenant flaw in AWS AppSync that could allow miscreants to abuse that cloud service to assume identity and access management roles in other AWS accounts, and then gain access to and control over those resources. …
Scammers are using cloud services to create and host web pages that can be used to lure victims into handing over their credentials Criminals are slipping phishing emails past automated security scanners inside Amazon Web Services (AWS) to establish a launching pad for attacks.…
Stretching its security software a bit further Amazon’s cloud platform is extending security capabilities for a couple of its widely used services; Amazon Elastic Block Store (EBS) and Amazon Elastic Kubernetes Service (EKS).…
Three vulnerabilities in one line of code AWS fixed three authentication bugs present in one line of code in its IAM Authenticator for Kubernetes, used by the cloud giant's popular managed Kubernetes service Amazon EKS, that could allow an attacker to escalate privileges within a Kubernetes cluster.…
Lightspin threat researchers discovered the bug, which AWS fixed A local file read vulnerability in Amazon's Relational Database Service (RDS) could be exploited to allow an attacker to gain access to internal AWS credentials, the cloud behemoth has confirmed.…