< ciso
brief />
Vendor and Hyperscaler Watch Banner

All news in category “Vendor and Hyperscaler Watch

4625 articles · page 68 of 232

Amazon OpenSearch Serverless Adds Zstandard Compression

🗜️ Amazon OpenSearch Serverless now supports Zstandard (zstd) codecs for index storage, giving customers a choice between the default LZ4 and the new zstd or zstd_no_dict modes. Zstandard can reduce index size by up to 32% compared with LZ4 and lets you tune compression levels to balance storage savings against indexing throughput and query latency. Lower compression levels (for example, level 1) deliver meaningful space savings with minimal performance impact, while higher levels (for example, level 6) maximize compression at the cost of slower indexing. The feature is available today in all Regions where OpenSearch Serverless is supported and can be configured in index settings at creation time.
read more →

When Attackers Already Have the Keys — MFA is Not Enough

🔒 The Figure breach exposed 967,200 email records without a single exploit, creating a large inventory adversaries can immediately weaponize for credential stuffing, AI-driven phishing, and help-desk social engineering. The article argues these exposures are operational inputs, not static data, and that common MFA methods — push notifications, SMS, and TOTP — are vulnerable to real-time relay (AiTM) attacks and MFA fatigue. Fixing the problem is architectural, not purely educational: effective defence requires cryptographic origin binding, hardware-bound private keys, and live biometric verification simultaneously.
read more →

AWS Private CA Adds Customer Managed RAM Permissions

🔒 AWS Private Certificate Authority now supports customer managed permissions in AWS Resource Access Manager (AWS RAM), enabling administrators to grant only the specific API operations each consuming account needs. You can choose from granular read operations (for example, DescribeCertificateAuthority, GetCertificate, GetCertificateAuthorityCertificate) and write operations (for example, IssueCertificate, RevokeCertificate). Cross-account issuers are no longer limited to a single certificate template. The feature is available in all Regions where Private CA and RAM are offered.
read more →

FedRAMP Clears Microsoft’s GCC High Despite Flaws, Concerns

🚨 An internal late-2024 government report reviewed by ProPublica found that Microsoft’s Government Community Cloud High lacked “proper detailed security documentation,” leaving evaluators with “a lack of confidence” in assessing the platform. One reviewer called the package “a pile of shit.” Despite those findings, FedRAMP authorized the product with a buyer-beware notice, a decision that helped Microsoft expand a multibillion-dollar federal cloud business.
read more →

Amazon EC2 Capacity Manager Adds Tag-Based Dimensions

🏷️ Amazon EC2 Capacity Manager now supports tag-based dimensions, enabling you to group and filter capacity metrics using tags from your EC2 resources. You can activate up to five custom tag keys — for example environment, team, or cost-center — alongside built-in dimensions such as Region, Instance Type, and Availability Zone. The launch also introduces a new built-in Account Name dimension and includes tag data as additional columns in newly created S3 exports. Activate keys in the Capacity Manager Settings (Manage tag keys) or via the AWS CLI.
read more →

Microsoft Suspends Dev Accounts for Open-Source Projects

⚠️ Microsoft has suspended developer accounts used to maintain multiple high-profile open-source projects, blocking them from publishing Windows builds and security patches without prior notice or a quick reinstatement path. Affected projects include WireGuard, VeraCrypt, MemTest86, and Windscribe. Maintainers report no emails, warnings, or clear appeals process and say they can still publish Linux and macOS updates but not Windows releases. Microsoft said accounts were automatically suspended for failing mandatory verification for the Windows Hardware Program and that outreach and press attention have prompted follow-up from company representatives.
read more →

Scrutiny Grows Over LinkedIn’s Handling of User Data

🔍LinkedIn’s massive trove of user information is facing scrutiny after a small European firm behind the BrowserGate campaign alleged that hidden code on linkedin.com scans visitors’ machines for installed software and transmits the inventory to LinkedIn and third parties. The group, which uses names including Teamfluence and Fairlinked and is led by an individual using the name Steven Morrell, framed the activity as an “illegal” search and a form of corporate espionage. LinkedIn denied core accusations, said it discloses browser-extension scanning in its privacy policy to detect abuse and protect site stability, and declined to confirm whether the data is used only for those purposes.
read more →

Route 53 Resolver endpoints support delegation in GovCloud

🔁Route 53 Resolver endpoints in AWS GovCloud (US) Regions now support DNS delegation for private hosted zone subdomains. This update enables both inbound and outbound delegation between on-premises DNS and Route 53 Resolver endpoints, simplifying namespace management across teams and environments. The capability removes the need for conditional forwarding rules and extends the earlier commercial-region support to GovCloud (US-East and US-West). Delegation incurs no extra charge beyond Resolver endpoint usage.
read more →

SageMaker HyperPod Adds Gang Scheduling for EKS Clusters

Amazon SageMaker HyperPod task governance now supports gang scheduling for HyperPod clusters using the EKS orchestrator. Administrators can configure readiness timeouts, node-failure behavior, single-workload admission and retry policies so distributed training jobs are only admitted when all required pods are ready. Pulled workloads are automatically requeued to avoid stalls and wasted compute. This reduces deadlocks, resource contention, and unexpected cost overruns for multi-pod training jobs.
read more →

Amazon IVS Real-Time Streaming Adds Redundant Ingest

🔁 Amazon IVS Real-Time Streaming now supports redundant ingest, enabling simultaneous streaming from two encoders to a single stage with automated failover. This feature protects live feeds from source encoder failures and first-mile network issues, helping maintain uninterrupted delivery to viewers. It's particularly suited for live events and continuous 24/7 streams where availability is critical. The capability is available through the IVS console and APIs in supported AWS Regions.
read more →

Amazon EKS Managed Node Groups Now Add EC2 Warm Pools

🚀 Amazon EKS managed node groups now support Auto Scaling warm pools, keeping pre-initialized EC2 instances ready for rapid scale-out. With warm pools enabled, instances complete OS initialization, user data execution, and software configuration before joining the cluster; you can choose Stopped (lower cost, longer transition) or Running (higher cost, faster transition). You can also enable reuse on scale-in to return instances to the pool instead of terminating them, and the feature works with Cluster Autoscaler without additional configuration. Enable via the EKS API, AWS CLI, Console, or CloudFormation by adding a warmPoolConfig to node group requests.
read more →

Framework for Secure Forensic Artifact Collection to S3

🗃️ This post outlines a secure, automated framework for collecting forensic artifacts into Amazon S3, emphasizing least privilege, time-limited AWS STS credentials, and compatibility with existing forensic tools. It recommends S3 hardening—encryption in transit, CMK-based server-side encryption, CloudTrail data events, object versioning and Object Lock—to preserve chain of custody. The post demonstrates vending scoped temporary credentials and an AWS CDK reference implementation that automates collection using SQS, Lambda, Step Functions, and Systems Manager.
read more →

Arelion Enhances DDoS Defenses with NETSCOUT Arbor

🛡️ Arelion has expanded its DDoS protection capabilities by deepening its partnership with NETSCOUT, building on over 16 years of collaboration. NETSCOUT introduced enhancements — Sightline with the Sentinel orchestration add-on, the ATLAS Intelligence Feed (AIF) for TMS, and Adaptive DDoS Protection (ADP) — to improve automation, threat intelligence, and mitigation scaling. These upgrades increase visibility and automated response across Arelion’s global backbone, improving protection for both internal systems and customer services.
read more →

NETSCOUT Arbor Threat Mitigation Wins Multiple G2 Badges

🛡️ NETSCOUT’s Arbor Threat Mitigation System (TMS) earned five G2 winter 2026 badges, including Leader distinctions for Enterprise DDoS Protection, DDoS Protection, and Web Security, plus a regional nod in Asia. Arbor Sightline also secured a leader badge for enterprise network management. G2 awards reflect verified user reviews and NETSCOUT’s market presence; customers praise AI/ML-driven visibility, automated defenses, and carrier-grade, hybrid/cloud mitigation.
read more →

Amazon Bedrock AgentCore Browser Adds OS-Level Actions

🖱️ Amazon announced that Bedrock AgentCore Browser now supports OS-level interaction capabilities to automate browser workflows beyond the Chrome DevTools Protocol (CDP). The update adds mouse and keyboard operations, full desktop screenshots, and handling for native system dialogs and print flows. It targets AI agent developers, test automation engineers, and teams building LLM-powered web interaction tools. The feature is enabled by default across all AgentCore Browser instances in the 14 supported AWS Regions.
read more →

Amazon WorkSpaces Advisor: AI Troubleshooting for VDI

🔍 Amazon WorkSpaces Advisor is an AI-powered troubleshooting assistant for Amazon WorkSpaces Personal. It analyzes WorkSpace configurations, identifies problems, and provides actionable recommendations to restore service and optimize performance. Administrators can use its generative AI insights to streamline investigations, reduce downtime, and proactively maintain virtual desktop infrastructure. The feature is now available in all AWS commercial regions via the WorkSpaces console.
read more →

Google Cloud Named Leader in Forrester Sovereign Cloud 2026

🔒 Google Cloud has been named a Leader in The Forrester Wave™: Sovereign Cloud Platforms, Q2 2026. The company emphasizes a sovereignty-by-design approach across three offerings: Google Cloud Data Boundary with Assured Workloads, Google Cloud Dedicated, and Google Distributed Cloud. Forrester highlighted Google’s roadmap and AI sovereign development capabilities as key differentiators. These options address data residency, operational autonomy, and fully air-gapped deployments for regulated organizations.
read more →

Amazon OpenSearch Adds i8ge Storage-Optimized Instances

🚀 Amazon OpenSearch Service now supports i8ge storage-optimized instances powered by AWS Graviton4. i8ge delivers up to 60% better compute performance versus prior Graviton2-based Im4gn instances and uses third-generation AWS Nitro SSDs for up to 55% higher real-time storage throughput per TB, with substantially lower I/O latency and variability. Instances scale to 18xlarge (up to 45 TB) and offer up to 112.5 Gbps networking, and they support all OpenSearch versions plus Elasticsearch 7.9 and 7.10. Availability spans multiple US, Europe, and Asia Pacific regions; consult regional pricing and product pages for details.
read more →

GKE Cloud Storage FUSE Profiles for AI/ML Workload I/O

⚡ GKE’s Cloud Storage FUSE Profiles automate performance tuning for AI/ML workloads by providing pre-defined, dynamically managed StorageClasses optimized for training, serving, and checkpointing. Instead of manually adjusting many mount and CSI options, users select a profile and GKE scans the bucket and node resources to calculate cache sizes and backing media. The CSI driver mounts the volume with those calculated options and dynamically adjusts cache behavior using real-time signals to maximize throughput while protecting node stability.
read more →

Cloud Cost Optimization: Maximizing ROI from AI and Value

💡 This Azure blog launches a multi‑part Cloud Cost Optimization series that guides organizations on maximizing ROI from AI while controlling consumption‑based expenses. It identifies primary cost drivers—variable usage patterns, specialized infrastructure, and cross‑team lifecycle activities—and explains why AI cost optimization differs from conventional cloud cost control. The post urges linking cost decisions to measurable business outcomes and adopting continuous governance to sustain long‑term value.
read more →