< ciso
brief />
Tag Banner

All news with #aws tag

2299 articles · page 65 of 115

AWS Lowers Payment Cryptography API and Key Pricing

🔽 AWS reduced AWS Payment Cryptography API request prices by up to 63% and introduced a fourth pricing tier to better accommodate high-volume workloads. The update also moves key billing from a flat-rate model to tiered key pricing and unifies pricing across all Regions. Changes are effective December 15, 2025 and are applied automatically to all customers. The managed service supports PCI-aligned cryptographic operations, helping organizations reduce reliance on dedicated payment HSMs and scale key management and payment processing more cost-effectively.
read more →

Crypto-mining Campaign Targets Amazon EC2 and ECS Resources

⚠️ Amazon GuardDuty and AWS automated monitoring identified a coordinated crypto‑mining campaign beginning November 2, 2025, that used compromised IAM credentials to deploy miners on Amazon EC2 and Amazon ECS. Attackers enumerated quotas and permissions, launched large EC2 fleets and ECS Fargate tasks from a malicious Docker Hub image, and used persistence techniques such as disabling API termination and creating public Lambda URLs. GuardDuty Extended Threat Detection correlated signals to surface critical attack sequences and AWS provides IoCs and mitigation guidance including strong identity controls, CloudTrail logging, Runtime Monitoring, and remediation playbooks.
read more →

Amazon Disrupts GRU Hackers Targeting Edge Devices

🔒 Amazon Threat Intelligence disrupted active operations attributed to GRU-linked hackers who targeted customer cloud infrastructure by abusing misconfigured edge devices. The multi-year campaign, observed since 2021 and focused on Western critical infrastructure and the energy sector, shifted in 2025 from zero-day exploitation to targeting exposed management interfaces on routers, VPN gateways, and network management appliances. Amazon isolated compromised EC2 instances, shared indicators, and advised audits, credential monitoring, and AWS controls like isolating management interfaces, restricting security groups, and enabling CloudTrail, GuardDuty, and VPC Flow Logs.
read more →

AWS IoT Device Management: Dynamic Payloads for Commands

🔧 AWS IoT Device Management commands now support dynamic payloads and parameter validation, allowing developers to create reusable command templates with placeholders that are populated at execution time. Parameter validation rules verify values before execution to reduce errors and enforce expected formats or ranges. This makes it easier to send similar commands with variable settings—such as different thermostat temperatures—while streamlining command management across device fleets.
read more →

Amazon Connect adds detailed context to real-time alerts

🔔 Amazon Connect real-time metric alerts now report the specific agents, queues, contact flows, or routing profiles that exceeded thresholds, eliminating the need for manual investigation. For example, alerts on elevated queue wait times will include the exact queues affected so managers can reassign staff promptly. These enriched notifications can be delivered via email, Tasks, and Amazon EventBridge, and the capability is available in all regions where Amazon Connect is offered. The change is designed to accelerate operational response and improve customer experience.
read more →

AWS Direct Connect Opens First Hanoi Location in CMC Tower

🔌 AWS opened a new AWS Direct Connect location at the CMC Tower in Hanoi, Vietnam, enabling private, dedicated network access to all public AWS Regions (except China), AWS GovCloud Regions, and AWS Local Zones. The site offers dedicated 1 Gbps, 10 Gbps, and 100 Gbps connections, with MACsec encryption available for 10 Gbps and 100 Gbps links. This is the first Direct Connect location in Vietnam and is designed to deliver a more consistent network experience than internet-based connections. Organizations can use this location to establish private, physical connections between AWS and their data centers, offices, or colocation environments.
read more →

Compromised IAM Credentials Fuel Large-Scale AWS Crypto Mining

🚨 Amazon detected a campaign on Nov 2, 2025 that used compromised IAM credentials to rapidly deploy cryptocurrency miners across ECS Fargate and EC2, with miners running within ten minutes of initial access. The adversary used DryRun-based discovery to validate permissions, created service-linked roles and dozens of ECS clusters, and registered a malicious DockerHub image to launch mining with the RandomVIREL algorithm. Attackers also set disableApiTermination=True on EC2 instances to hinder remediation; Amazon recommends enforcing MFA, least privilege, temporary credentials, container scanning, CloudTrail logging and enabling GuardDuty.
read more →

AWS Artifact Adds Self-Service Access to Prior Reports

📁 AWS Artifact now provides self-service access to previous versions of compliance reports, eliminating the need to contact AWS Support or account representatives. Customers with the IAM permission artifact:ListReportVersions—included in the managed policy AWSArtifactReportsReadOnlyAccess—can view prior SOC, ISO, and C5 report versions directly in the console by selecting available versions. Availability of historical coverage varies by compliance program, and the feature is generally available in US East (N. Virginia) and AWS GovCloud (US-West).
read more →

Amazon SageMaker AI Launches in Asia Pacific (NZ) Region

🚀Amazon announced that SageMaker AI is now available in the Asia Pacific (New Zealand) AWS Region. Starting today, developers and data scientists in New Zealand can build, train, and deploy machine learning models locally using the fully managed SageMaker AI platform. The service removes much of the operational overhead across the ML lifecycle, helping teams move from experimentation to production more quickly and consistently. Customers should review AWS documentation and pricing to get started.
read more →

AWS Security Incident Response Adds Slack Integration

🔗 AWS Security Incident Response now integrates with Slack, enabling bidirectional case creation and automatic data replication so teams can create and update cases from either the Security Incident Response console or Slack. Each case is mapped to a dedicated Slack channel with comments and attachments syncing instantly, and responders are added automatically to accelerate engagement. The open-source solution on GitHub leverages EventBridge and a modular architecture and includes guidance for using AI assistants such as Amazon Q Developer or Kiro to extend integration targets beyond Slack.
read more →

AWS cuts carbon footprint reporting lag to 21 days

🌿 AWS now publishes customer carbon footprint data within 21 days of usage, reducing the previous reporting lag of up to three months. Estimates are published between the 15th and 21st of the month following usage and are available via the Customer Carbon Footprint Tool (CCFT) in the AWS Billing and Cost Management console. The CCFT dashboard retains 38 months of historical data to support trend analysis and faster emissions and cost-reduction decisions.
read more →

Amazon EC2 M8i Instances Expand to Five Additional Regions

🚀 Amazon Web Services has expanded availability of EC2 M8i instances to Asia Pacific (Seoul, Tokyo, Sydney, Singapore) and Canada (Central). Powered by AWS-exclusive Intel Xeon 6 processors, M8i offers up to 15% better price-performance and 2.5x memory bandwidth versus prior Intel-based instances, and up to 20% higher performance than M7i. These SAP-certified general purpose instances include 13 sizes, two bare-metal options, and a new 96xlarge for the largest workloads.
read more →

Amazon Reveals Years-Long GRU Campaign Targeting Energy

🛡️ Amazon's threat intelligence team disclosed a years-long campaign tied with high confidence to the GRU-affiliated APT44 (also tracked as FROZENBARENTS/Sandworm), which targeted Western critical infrastructure from 2021–2025. The actor shifted from zero-day exploitation to abusing misconfigured customer network edge devices and exposed management interfaces on AWS-hosted instances, enabling packet capture, credential harvesting, and credential replay against energy, telecom, and cloud providers. Amazon observed exploitation of WatchGuard (CVE-2022-26318), Atlassian Confluence (CVE-2021-26084, CVE-2023-22518), and Veeam (CVE-2023-27532), notified affected customers, disrupted active operations, and recommended audits, stronger authentication, and monitoring for unexpected access and credential replay.
read more →

Amazon: Russian GRU Targets Misconfigured Edge Devices

🔒 Amazon Threat Intelligence has attributed with high confidence a years‑long campaign to Russia’s GRU, noting a shift in 2025 from exploiting software flaws to compromising misconfigured customer network edge devices. The actor has targeted enterprise routers, VPN concentrators, network management appliances and cloud-hosted edge instances, including some hosted on AWS, to gain initial access. This tactic supports credential harvesting, replay attacks and lateral movement while reducing attacker exposure and resource expenditure.
read more →

Amazon Quick Suite Adds Memory for Personalized Chat Agents

🧠 Amazon Quick Suite now adds memory to its chat agents, enabling personalized responses based on prior conversations and stated preferences. The feature stores inferred user preferences—such as response format, acronyms, dashboards, and integrations—and lets users view and remove any remembered items. Users may also choose Private Mode, in which chats are not used to infer memories. Memory is currently available in US East (N. Virginia) and US West (Oregon).
read more →

Amazon Quick Suite Extension Adds Quick Flows in Browser

🔁 The Amazon Quick Suite browser extension now supports Amazon Quick Flows, enabling users to run workflows directly in their web browser without manually extracting page data. You can invoke flows you created or that were shared with you and pass web page content as input while staying on the site. This supports routine tasks like contract analysis and dashboard report generation. The capability is available in select regions with no extra extension fees beyond standard Quick Flows usage.
read more →

AWS Clean Rooms publishes EventBridge notifications

🔔 AWS Clean Rooms now publishes events to Amazon EventBridge to signal new member invitations and table readiness. Invited collaborators receive immediate EventBridge notifications when added to a collaboration, and members are alerted when AWS Entity Resolution resources (ID mapping tables and namespaces) are associated. This enables automated, near-real-time workflows, reduces manual polling, and shortens time-to-action from hours to minutes. Organizations can more quickly start analyses and increase transparency between collaborators.
read more →

Route 53 adds CloudWatch metrics for Resolver endpoints

📊 You can now enable CloudWatch metrics for Route 53 Resolver endpoints to monitor per-endpoint DNS performance and the health of target name servers. The metrics include query response latency plus counts of SERVFAIL, NXDOMAIN, REFUSED and FORMERR responses, and timeouts for outbound target servers. These details make it easier to troubleshoot hybrid DNS resolution issues and build alerts and dashboards; standard CloudWatch and Resolver endpoint charges apply.
read more →

AWS Response and Lessons from npm Supply-Chain Attacks

🔒AWS Security details its incident response to multiple high-scale npm supply chain campaigns, including the compromised Nx package, the Shai-Hulud worm, and a token-farming operation detected by Amazon Inspector. Teams enacted rapid containment (repository blocklisting, OpenSSF registration), performed deep analysis using AI-assisted detonation in sandboxes, and automated disclosures to protect customers. The effort produced improved behavioral detections, GenAI prompt guardrails for Amazon Q, and strengthened collaboration with the security community to reduce future exposure.
read more →

Amazon EVS Now Available in Additional AWS Regions

🚀Amazon Elastic VMware Service (Amazon EVS) is now available in all availability zones within six additional AWS Regions, expanding options for running VMware workloads on AWS Nitro-powered EC2 bare-metal. You can deploy a complete VMware Cloud Foundation environment in hours using the guided workflow or CLI automation, accelerating migrations and data center exits. This expansion improves latency, supports data residency requirements, and adds redundancy choices for high availability.
read more →