Displaying items by tag: AWS

It seems that Amazon’s hotfix for Log4Shell in their AWS environment might have been a bit rushed. According to a review of the hot there are a total of four CVEs specifically related to the hotfix and how it functions. CVE-2021-3100, CVE-2021-3101, CVE-2022-0070, and CVE-2022-0071 have a CVSS score of 8.8 and allow for privilege escalation and container escape. It is not often that a fix for one bad bug contains a potentially worse one, but here we are.

Published in Security Talk

Some needs to let Gordan Freeman know that the Xen aliens are attacking Lambda, time to grab a crowbar and go to work. Ok, so there are no invaders from a border dimension coming and the Lambda in question is really Amazon’s Lambda Serverless function in AWS while the threat is a bit of crypto mining malware that appears to have been specifically written for Lambda in Google’s Go.

Published in Security Talk

The shift to services like AWS, GCP and more have meant that many organizations are also making a shift away from the Microsoft Windows platform and moving to a Linux centric environment and while this is a good move for the most part, it has left many open to exploit due to improper configurations and a lack of proper security tools to protect their environments.

Published in Security Talk

Black Hat 2017, Las Vegas, NV -
The cloud has become one of those buzz words that people like to use when they want you to put your data or workloads on someone else’s computers and network. Amazon Web Services (AWS), Microsoft Azure, and some lesser known systems. The problem is that once you put your information into their network there is a lot that you have to do to ensure that your information or workloads are secure. Amazon, Microsoft and others are only going to take security so far for you and that leave you vulnerable.

Published in Shows and Events

Cisco has made the decision to dive even deeper into the cloud with a $1 Billion investment in cloud services. The money will be spent over the course of the next two years and is earmarked to build infrastructure services similar to Amazon Web Services and Microsoft’s Azure. Over the past few years Cisco has been investing more heavily into cloud services and even bought a cloud networking company (Meraki) with the intent of integrating some of their cloud management technologies into future Cisco products. In the long run this is a financially smart move as cloud services can represent a sustainable revenue stream and also allow Cisco (or another business) to reach new markets and customers they might not have access to. It also gives existing customers an option to utilize a “trusted” partner for something they might be considering, but not willing to move on due to not having a vendor they like.

Published in News