Amazon
-
Amazon says it disrupted GRU-linked campaign that targeted misconfigured edge network devices
Amazon says it disrupted a years-long campaign attributed to the Russian GRU that shifted from exploiting software flaws to targeting misconfigured edge devices on customer cloud infrastructure, and that it has protected affected EC2 instances, notified customers and shared intelligence.
-
Amazon finds Iran-linked hackers using cyber reconnaissance to aid physical attacks
Amazon’s threat intelligence team reported that Iran-linked hackers conducted digital reconnaissance, including targeting ship AIS and CCTV, to support physical attacks—a trend the company calls cyber-enabled kinetic targeting.
-
Amazon opens invite-only bug bounty for NOVA models to outside researchers
Amazon has launched an invite-only bug bounty program for its NOVA family of language models, allowing select researchers to test and be paid for findings on issues such as prompt injection, jailbreaking and other vulnerabilities, with the company saying the effort will help secure models integrated across Amazon and customer systems.
-
AWS outage disrupts Amazon, Prime Video, Fortnite, Perplexity and more
An AWS outage has caused widespread service disruptions across multiple regions, affecting Amazon, Prime Video, Fortnite, Perplexity, Canva and others, with AWS reporting increased error rates and work underway to mitigate the issue.
-
Hacker Compromises Amazon’s AI Coding Extension, Raises Concerns Over Security
A hacker compromised Amazon’s AI coding extension, raising serious concerns about the security of generative AI tools and software supply chains. The incident highlights critical vulnerabilities in the integration of open-source code and underscores the need for improved security measures.
-
Amazon Patches Critical Vulnerability in EC2 SSM Agent
Amazon has addressed a critical vulnerability in its EC2 Simple Systems Manager (SSM) Agent that posed significant risks of privilege escalation and code execution, with the flaw traced back to improper validation of plugin IDs.
