
All news with #infrastructure security tag

161 articles · page 7 of 9

AWS announces EC2 Capacity Reservation Topology API

🚀 AWS has announced general availability of the Amazon EC2 Capacity Reservation Topology API, providing a hierarchical, per-account view of the relative location of capacity reservations for AI/ML and HPC workloads. The API represents reservations as a network node set so customers can assess proximity without launching instances. Paired with the Instance Topology API, it enables consistent job scheduling, capacity planning, and node ranking across distributed parallel workloads and is available in most major AWS regions.

Amazon EC2 High-Memory U7i-8tb Instances in London

🚀 AWS has launched Amazon EC2 U7i-8tb (u7i-8tb.112xlarge) instances in the Europe (London) region, offering 8 TiB of DDR5 memory and 448 vCPUs for memory-intensive workloads. Powered by custom fourth-generation Intel Xeon Scalable processors (Sapphire Rapids), these 7th-generation instances deliver up to 135% more compute than prior U-1 instances and support up to 100 Gbps for EBS and networking with ENA Express. They are aimed at mission-critical in-memory databases like SAP HANA, Oracle, and SQL Server.

Defending QUIC Against Acknowledgement-Based DDoS Attacks

🔒 Cloudflare patched two QUIC ACK-handling vulnerabilities (CVE-2025-4820, CVE-2025-4821) affecting its open-source quiche library and services using it. The flaws—missing ACK range validation and an Optimistic ACK attack—could let a malicious peer inflate server send rates, driving CPU and network amplification. Cloudflare implemented ACK range enforcement and a dynamic, CWND-aware skip frequency; quiche versions prior to 0.24.4 were affected.

Cybersecurity on a Budget: Strategies for Downturn

🔒 During economic downturns, organizations must preserve cybersecurity with constrained budgets by prioritizing risk-based controls, hardening existing systems, and blending open- and closed-source tools. The blog recommends defense-in-depth, isolating legacy hardware, disabling unnecessary features, and tuning EDR/AV, logging, and network filters to reduce exposure. It also advises retaining skilled incident response partners and investing selectively in early-to-mid career talent to maintain long-term resilience.

AWS outage: DynamoDB DNS failure caused disruption

⚠️ Amazon says a major DNS failure in DynamoDB's DNS management system triggered a widespread AWS outage focused on the us-east-1 (Northern Virginia) region. A race condition at 11:48 PM PDT caused the accidental deletion of all IP addresses for the regional DynamoDB public endpoint, producing immediate DNS resolution failures for customer and internal traffic. The fault cascaded across services, kept automated recovery from restoring consistency, and required manual operator intervention to recover. AWS has disabled the problematic DNS automation globally, added protective checks, improved throttling, built new test suites, and apologized for the impact.

Cross-Cloud VPC Peering with NVAs and Regional Affinity

🌐 This blog presents a reference architecture for deploying Network Virtual Appliances (NVAs) in a regional hub-and-spoke design using VPC Network Peering. It explains how Google’s Cross-Cloud Network and software-defined global backbone support any-to-any connectivity while preserving regional affinity for latency and data residency. The post details traffic flows and key services such as Cloud Interconnect, HA VPN, Internal Passthrough Network Load Balancers, policy-based routes, and Private Service Connect to integrate managed services and workload VPCs.

AWS RTB Fabric Generally Available for Low-Latency AdTech

🚀 AWS today announced RTB Fabric, a fully managed service that connects publishers and buyers with AdTech partners such as Amazon Ads, GumGum, Kargo, MobileFuse, Sovrn, TripleLift, Viant, and Yieldmo over a private, high‑performance network delivering single‑digit millisecond latency. The service can reduce standard cloud networking costs by up to 80% and requires no upfront commitments. Built-in modules support containerized applications and foundation models and run inline to optimize traffic, improve bid efficiency, and increase bid response rates.

Amazon EC2 I8g Storage-Optimized Instances Expand Regions

💾 Amazon Web Services has made Amazon EC2 I8g storage-optimized instances generally available in Europe (London), Asia Pacific (Singapore), and Asia Pacific (Tokyo). Powered by AWS Graviton4 processors and third-generation Nitro SSDs, I8g delivers up to 60% better compute performance and up to 65% improved real-time storage performance per TB versus the previous generation. These instances offer up to 45 TB of local NVMe storage, up to 100 Gbps networking, and are aimed at transactional databases, real-time analytics, and I/O-intensive AI pre-processing workloads.

Deep Dive: BPF LPM Trie Performance and Optimization

🔍 Cloudflare investigated a production soft lockup traced to the Linux BPF LPM trie, a core data structure for IP and IP+Port longest-prefix matching. Benchmarks on 96-core AMD EPYC hardware showed lookups remain relatively fast at modest sizes, but updates, deletes and especially freeing maps degrade severely at scale, causing multi-second CPU stalls and customer packet loss. The post refreshes trie basics, presents measured results (lookups, updates, deletes, free costs), and diagnoses kernel implementation limits — notably binary child pointers, absent level compression, and allocator-induced cache and dTLB pressure — then outlines plans to upstream benchmarks and refactor toward a level-compressed multibit trie to reduce traversal height, cache/TLB misses, and freeing overhead.

Significant Satellite Traffic Found Transmitted Unencrypted

⚠️ Researchers used a commercial off-the-shelf satellite dish to perform the most comprehensive public study yet of geostationary satellite communications. They discovered a shockingly large volume of sensitive traffic—critical infrastructure telemetry, internal corporate and government communications, private voice calls and SMS, and consumer Internet streams such as in-flight Wi‑Fi—being broadcast unencrypted. Much of this data can be passively observed by anyone with a few hundred dollars of consumer-grade hardware, and a single transponder's footprint may cover up to 40% of the Earth's surface.

Second-Generation AWS Outposts Racks Supported in Ireland

📡 Second-generation AWS Outposts racks are now supported in the AWS Europe (Ireland) Region, allowing customers to order racks connected to that Region. Outposts extend AWS infrastructure, services, APIs, and tools into on-premises data centers and colocation sites for a consistent hybrid experience. This expansion helps organizations optimize latency and address data residency needs while retaining centralized management through their home Region.

AWS Expands Graviton4 M8g EC2 Instances to Regions

🚀 AWS announced that Amazon EC2 M8g instances, powered by Graviton4 processors, are now available in Europe (Paris), Asia Pacific (Osaka), Canada (Central), and the Middle East (Bahrain). The M8g family delivers up to 30% better performance versus Graviton3-based instances and offers larger sizes with up to 3× more vCPUs and memory. Built on the AWS Nitro System, these instances provide enhanced networking and EBS bandwidth for general-purpose workloads such as application servers, microservices, gaming servers, and caching fleets.

Agile, Fungible Data Centers for the AI Era: Standards

🚀 Google outlines designs for agile, fungible data centers to meet explosive AI demand, advocating modular, interoperable architectures and late-binding of facility resources. It highlights Project Deschutes liquid cooling, +/-400Vdc power proposals with Mt. Diablo side-car designs, and open efforts like Caliptra 2.0 and OCP L.O.C.K. The post calls for community standards across power, cooling, telemetry, networking, and security to improve resilience, sustainability, and operational flexibility.

Microsoft Expands Azure Datacenters and AI in Asia

☁️ Microsoft is expanding its Azure footprint across Asia, launching new datacenter regions in Malaysia and Indonesia in 2025 and announcing planned expansions in India and Taiwan for 2026. The company is investing billions to deliver AI-ready hyperscale infrastructure, next‑generation networking, scalable storage, and multi‑zone availability to support low-latency, compliant services. Microsoft also plans a second Malaysia region (Southeast Asia 3) and recommends multi-region architectures along with the Cloud Adoption and Well‑Architected Frameworks to improve resilience, performance, and cost optimization.

Amazon SageMaker Notebooks Now Support Amazon Linux 2023

🚀 Amazon SageMaker notebook instances now offer Amazon Linux 2023 as a launch option alongside Amazon Linux 2. The update provides a modern rpm-based runtime with a predictable two-year release cycle and five years of long-term support. Enhanced security features include SELinux support and FIPS 140-3 validated cryptographic modules. Use AL2023 to benefit from updated packages and continued OS maintenance.

Amazon SageMaker Notebooks Now Support Amazon Linux 2023

🆕 Amazon SageMaker notebook instances now support Amazon Linux 2023, giving data scientists and developers access to an updated, rpm-based runtime for managed Jupyter notebooks. AL2023 is the successor to AL2, offering a predictable two-year major release cadence and five years of long-term support. Enhanced security features include SELinux and FIPS 140-3 validated cryptographic modules. New notebook instances can be launched with either AL2023 or AL2.

Ten Essential Physical Security Measures for CISOs

🔒 Chief information security officers (CISOs) play a strategic role in physical security when systems such as badges, keycards and video surveillance are tied to IT and grant access to critical assets. This article outlines ten essential measures—from hardening data centers and mapping physical–cyber connections to securing IoT and surveillance systems—that CISOs should coordinate with facilities, legal and physical security teams. Implementing these controls reduces risk and supports incident response and compliance.

Amazon GameLift Servers: View and Connect Instances

🔍 Today, Amazon GameLift Servers added console capabilities to view and connect to individual fleet instances directly from the EC2 and Container Fleet Detail pages. A new Instances tab lists associated hosts and each instance has a details page presenting human-readable metadata (also available via GameLift Server APIs). From the list or detail view you can press a Connect button to open a modal and launch AWS CloudShell to start an SSM session into the instance, enabling hands-on inspection, log retrieval, and faster diagnosis of network and health issues.

AWS PCS Expands Slurm Configuration with 60+ Settings

🔧 AWS Parallel Computing Service (AWS PCS) now supports over 60 additional Slurm configuration parameters, giving administrators finer control of job scheduling, resource allocation, access permissions, and job lifecycle behavior. New options include queue-specific priority policies, preemption rules, custom time and resource limits, and account-level access controls. Per-job execution behaviors and QoS tuning help run multi-team production HPC environments more efficiently. The expanded settings are available in all AWS PCS regions.

Amazon ECS Managed Instances: Fully Managed EC2 Compute

⚙️ AWS today introduced Amazon ECS Managed Instances, a fully managed compute option that provisions, configures, and operates Amazon EC2 instances on behalf of customers to reduce infrastructure overhead. You specify task requirements (vCPUs, memory, CPU architecture) or desired instance types and ECS automatically selects and manages optimal instances. The service dynamically scales capacity, optimizes task placement, and applies security patching on a 14-day cadence with support for scheduled EC2 event windows.