#amazon

Ubuntu Security Notice 5594-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the IP implementation in the Linux kernel did not provide sufficient randomization when calculating port offsets. An attacker could possibly use this to expose sensitive information.

Ubuntu Security Notice 5592-1 - Asaf Modelevsky discovered that the Intel 10GbE PCI Express Ethernet driver for the Linux kernel performed insufficient control flow management. A local attacker could possibly use this to cause a denial of service. It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Ubuntu Security Notice 5591-2 - It was discovered that the virtual terminal driver in the Linux kernel did not properly handle VGA console font changes, leading to an out-of-bounds write. A local attacker could use this to cause a denial of service or possibly execute arbitrary code.

Thousands of corporate mobile apps developed by businesses for use by their customers contain hardcoded AWS tokens that can be easily extracted and used to access the full run of corporate data stored in cloud buckets.

IT has to get its hands around cloud data sprawl. Another area of focus should be on ghost data, as it expands the organization's cloud attack surface.

By Jon Munshaw.  Welcome to this week’s edition of the Threat Source newsletter.  This week marks about 90 days before my wife’s due date with our first child, a baby girl. We’re both incredibly excited and nervous at the same time, and we have much to discuss, like how to lay out the nursery, what times we’ll put her down for a nap and who must be the one to get up the first time she starts crying at 2 a.m.  But the first true argument my wife and I have had about having a child is whether we should show the baby’s face on Instagram.  This child isn’t even born yet, and social media companies are probably already building out a data profile on her. I signed up for the What to Expect app so I could follow along with my wife’s pregnancy progress and learn more about what she’s going through and how the baby is developing. Already I’m getting targeted ads on the app and my Instagram for specific brands of baby food, the stroller that we’ve listed on our registry and an automati...

Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk. "Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services," Symantec's Threat Hunter team, a part of Broadcom Software, said in a report shared with The Hacker News. Interestingly, a

Researchers found that mobile applications contain keys that could provide access to both user information and private files from unconnected apps.

While cloud breaches are going to happen, that doesn't mean we can't do anything about them. By better understanding cloud attacks, organizations can better prepare for them. (First of two parts.)

Ubuntu Security Notice 5572-2 - Roger Pau Monné discovered that the Xen virtual block driver in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information. Roger Pau Monné discovered that the Xen paravirtualization frontend in the Linux kernel did not properly initialize memory pages to be used for shared communication with the backend. A local attacker could use this to expose sensitive information.