You are viewing a previous version of this security bulletin. For the most current version please visit: "Processor Speculative Execution Research Disclosure". Update As Of: 2017/01/04 15:30 PST This is an update to this issue. Amazon EC2 All instances across the Amazon EC2 fleet are protected from all known threat vectors from the CVEs previously listed. Customers’ instances are protected against these threats from other instances. We have not observed meaningful performance
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2018-013/v2/
You are viewing a previous version of this security bulletin. For the most current version please visit: "Processor Speculative Execution Research Disclosure". 2018/01/03 14:45 PST AWS is aware of recently disclosed research regarding side-channel analysis of speculative execution on modern computer processors (CVE-2017-5715, CVE-2017-5753, and CVE-2017-5754). This is a vulnerability that has existed for more than 20 years in modern processor architectures like Intel, AMD, and ARM
More info:
https://aws.amazon.com/security/security-bulletins/AWS-2018-013/v1/
July 13, 2010 Some Gmail users have noticed that their Gmail accounts have been accessed by systems whose IP addresses resolve to an IP address block in use by Amazon Elastic Compute Cloud (Amazon EC2). Amazon Web Services (AWS) has investigated several of these complaints; finding them to be cases where an end user implicitly granted third-party access to their Gmail account. A typical example: a user signs up for a social networking site which offers the option to import the user’s
More info:
https://aws.amazon.com/security/security-bulletins/gmail-accounts-accessed-by-ec2-ips/
December 03, 2009 December 3, 2009 — AWS has completed a set of updates to its web sites, applications and service APIs to mitigate risks from the SSL and TLS renegotiation vulnerabilities previously reported. There is no impact to customers and no action is required. Customers may optionally consider updating their own systems with any applicable patches to ensure they mitigate against all possible risks from these SSL and TLS vulnerabilities. November 7, 2009 — Security
More info:
https://aws.amazon.com/security/security-bulletins/ssl-and-tls-renegotiation-vulnerabilities/
2015/07/21 - 12:35 PM PST - Update AWS Elastic Beanstalk We have updated all Elastic Beanstalk Windows containers per MS15-JULY, as described at https://technet.microsoft.com/en-us/library/security/ms15-jul.aspx. Steps to migrate your existing environment to the updated version: 1. Log in to the AWS Management Console and select Elastic Beanstalk from the list of services. 2. Find the application you want to migrate and then click the Action button next to the application name. 3. In the
More info:
https://aws.amazon.com/security/security-bulletins/ms15-078-advisory/
August 31, 2011 A new Internet worm has been reported that spreads via Microsofts Remote Desk Protocol (RDP). This worm scans an infected hosts subnet for other hosts running RDP and attempts access to them using a pre-configured set of user names (including "administrator") and passwords. According to Microsoft, this worm can be remotely controlled and updated, such that infected hosts may be ordered to perform denial-of-service attacks or other functions. Because of this, the
More info:
https://aws.amazon.com/security/security-bulletins/morto-worm-spreading-via-remote-desktop-protocol/
2015/05/13 - 5:20 AM PDT We are aware of the QEMU security issue assigned CVE-2015-3456, also known as "VENOM," which impacts various virtualized platforms. There is no risk to AWS customer data or instances. Information on the Xen-specific advisory can be found below: Xen Security Advisory 133 (CVE-2015-3456) - Privilege escalation via emulated floppy disk drive http://xenbits.xen.org/xsa/advisory-133.html
More info:
https://aws.amazon.com/security/security-bulletins/XSA_Security_Advisory_CVE_2015_3456/
We all know that plenty of WordPress sites are getting hacked each year. Is it because WordPress is an insecure system? Is it a global WordPress issue, or does it come from those webmasters’ actions? How, and why is it happening? Whether you are running a personal blog, business website, or an eCommerce site on […]
More info:
https://www.wpwhitesecurity.com/statistics-highlight-main-source-wordpress-vulnerabilities/
- Este despliegue se llevará a cabo el 14 de octubre, de modo que cuando un anfitrión habilite la opción de encriptado de extremo a extremo para una reunión en particular, el contenido de dicha reunión se cifrará utilizando claves que sólo conocerán los dispositivos de esos participantes.
El próximo 14 de octubre, la conocida plataforma de reuniones online, Zoom, va a desplegar tecnología de encriptación de extremo a extremo para todos los usuarios, tanto los que utilizan la versión gratuita como la de pago, con el fin de mejorar la seguridad y privacidad de la plataforma. Esta característica será opcional y estará disponible para todas las reuniones a discreción del anfitrión.
Cuando un anfitrión elija habilitar el encriptado de extremo a extremo (E2EE) para una reunión en particular, el contenido de esa reunión se cifrará utilizando claves que sólo serán conocidas por los dispositivos de esos participantes. Zoom no tendrá acceso en ningún momento a las claves. Esta primera fase del despliegue de encriptación de extremo a extremo proporcionará la misma seguridad que las actuales plataformas de mensajería encriptada de extremo a extremo, pero con la calidad de vídeo y escala que ha hecho de Zoom la solución de vídeo elegida por cientos de millones de personas en todo el mundo cada día.
Esta encriptación no afectará a los niveles de asistencia que Zoom proporciona a las fuerzas del orden, que se rige por su Guía de Solicitudes Gubernamentales. La plataforma seguirá manteniendo abiertas las líneas de comunicación con los organismos encargados de hacer cumplir la ley, los reguladores y los gobiernos de todo el mundo.
Fuente: Zoom (09/10/2020)
On September 14, 2020, our Threat Intelligence team discovered two high severity vulnerabilities in Post Grid, a WordPress plugin with over 60,000 installations. While investigating one of these vulnerabilities, we discovered that almost identical vulnerabilities were also present in Team Showcase, a separate plugin by the same author with over 6,000 installations. We initially reached […]
More info:
https://www.wordfence.com/blog/2020/10/high-severity-vulnerabilities-in-post-grid-and-team-showcase-plugins/
