amazon
Amazon: This week’s AWS outage caused by major DNS failure
Amazon says a major DNS failure was behind a massive AWS (Amazon Web Services) outage that took down many websites and online services on Monday. As GeekFeed reported earlier this week, this incident impacted a critical Northern Virginia data center in the US-EAST-1 region, affecting users worldwide, including the United States and Europe, for over […]
Amazon pays $2.5 billion to settle Prime memberships lawsuit
Amazon will pay $2.5 billion to settle claims by the U.S. Federal Trade Commission (FTC) that it used dark patterns to trick millions of users into enrolling in its Prime program and made it as difficult as possible to cancel the recurring subscriptions. The settlement requires Amazon to pay a $1 billion civil penalty and […]
Amazon disrupts Russian APT29 hackers targeting Microsoft 365
Researchers have disrupted an operation attributed to the Russian state-sponsored threat group Midnight Blizzard, which sought access to Microsoft 365 accounts and data. Also known as APT29, the hacker group compromised websites in a watering hole campaign to redirect selected targets “to malicious infrastructure designed to trick users into authorizing attacker-controlled devices through Microsoft’s device code […]
Amazon AI coding agent hacked to inject data wiping commands
A hacker planted data wiping code in a version of Amazon’s generative AI-powered assistant, the Q Developer Extension for Visual Studio Code. Amazon Q is a free extension that uses generative AI to help developers code, debug, create documentation, and set up custom configurations. It is available on Microsoft’s Visual Code Studio (VCS) marketplace, where it counts nearly one […]
Ring denies breach after users report suspicious logins
Ring is warning that a backend update bug is responsible for customers seeing a surge in unauthorized devices logged into their account on May 28th. On May 28th, many Ring customers reported seeing unusual devices logged into their accounts from various locations worldwide, leading them to believe their accounts had been hacked. Last week, Ring […]
Hackers target SSRF bugs in EC2-hosted sites to steal AWS credentials
A targeted campaign exploited Server-Side Request Forgery (SSRF) vulnerabilities in websites hosted on AWS EC2 instances to extract EC2 Metadata, which could include Identity and Access Management (IAM) credentials from the IMDSv1 endpoint. Retrieving IAM credentials allows attackers to escalate their privileges and access S3 buckets or control other AWS services, potentially leading to sensitive data exposure, […]
AWS rolls out ML-KEM to secure TLS from quantum threats
Amazon Web Services (AWS) has added support for the ML-KEM post-quantum key encapsulation mechanism to AWS Key Management Service (KMS), AWS Certificate Manager (ACM), and AWS Secrets Manager, making TLS connections more secure. ML-KEM (Module-Lattice-based Key Encapsulation Mechanism) is a post-quantum cryptographic algorithm designed to secure key exchanges from the perceived, yet still theoretical threat of […]
Hijacked Microsoft web domain injects spam into SharePoint servers
The legacy domain for Microsoft Stream was hijacked to show a fake Amazon site promoting a Thailand casino, causing all SharePoint sites with old embedded videos to display it as spam. Microsoft Stream is an enterprise video streaming service that allows organizations to upload and share videos in Microsoft 365 apps, such as Teams and […]
Click Profit blocked by the FTC over alleged e-commerce scams
The US Federal Trade Commission (FTC) has taken action against the “Click Profit” business opportunity platform for allegedly earning $14 million while deceiving consumers with false promises of guaranteed passive income through online stores. Click Profit is an online business paltform promoted on social media and through websites that claims to help consumers generate passive income […]
whoAMI attacks give hackers code execution on Amazon EC2 instances
Security researchers discovered a name confusion attack that allows access to an Amazon Web Services account to anyone that publishes an Amazon Machine Image (AMI) with a specific name. Dubbed “whoAMI,” the attack was crafted by DataDog researchers in August 2024, who demonstrated that it’s possible for attackers to gain code execution within AWS accounts by exploiting how […]