Amazon AWS Outage and Jaguar Land Rover Attack: Cybersecurity's Top Stories This Week
Amazon Reveals AWS Outage Details and Weekly Security Report

Details of the Amazon Web Services (AWS) Outage 2020
- November 2020: Beginning of the major AWS service outage.
- Problems with DynamoDB affecting domain name resolution.
- Network Load Balancer (NLB) outage.
- Difficulty launching new EC2 instances, impacting scalability.
- The outage lasted 15 hours, affecting Roku, Adobe, and Shipt.
- Amazon pledged to improve service availability and infrastructure stability.


Amazon has revealed the technical details behind the major Amazon Web Services (AWS) outage that occurred in November 2020, which affected a large part of the internet and disrupted many websites and services for 15 hours.
The outage began with issues in the DynamoDB service, a fully managed NoSQL database that provides high performance with low latency. These problems affected the domain name resolution process, hindering user access to services hosted on AWS.
The crisis was exacerbated by an outage of the Network Load Balancer, a vital component for efficiently distributing traffic across multiple servers and preventing bottlenecks. Amazon also faced difficulty launching new "EC2 instances," scalable virtual servers used to run applications in the cloud. This inability to provide additional resources led to a backlog of requests and significant response delays, affecting major companies such as Roku, Adobe, and Target's Shipt services. (Business Insider)
Amazon confirmed that this outage had a significant impact on many customers and pledged to learn from this experience to improve its service availability and ensure the stability of its cloud infrastructure in the future.
Weekly Cybersecurity and Privacy News
- Cost of Cyberattack on JLR: A cyberattack halted Jaguar Land Rover (JLR) production for 5 weeks in 2023, with estimated losses of $2.5 billion, making it the most expensive in British history.
- OpenAI Atlas Concerns: OpenAI's "Atlas" browser raises expert concerns about indirect command injection attacks, in which malicious instructions are embedded in texts.
- Software Supply Chain Vulnerability: A critical vulnerability in open-source archiving libraries (like "tokio-tar") allows for remote code execution (RCE); some of these libraries are no longer supported.

In addition, the weekly cybersecurity and privacy news report included the following:
- Cyberattack costs Jaguar Land Rover $2.5 billion: A new analysis revealed that the cyberattack which halted production for the automotive giant Jaguar Land Rover (JLR) and its supply chain for five weeks in late 2023 is likely the most financially costly attack in British history, with estimated losses of approximately £1.9 billion ($2.5 billion). (Jaguar Land Rover)
- OpenAI's Atlas browser raises concerns about command injection: OpenAI launched its web browser "Atlas," which integrates its chatbot at the heart of the browser. However, experts and security researchers are raising concerns about indirect command injection attacks, where malicious instructions can be embedded in texts or images read by the chatbot, potentially leading to unauthorized command execution. (TechCrunch)
- Critical vulnerability in an open-source tool highlights software supply chain challenges: Researchers revealed a significant vulnerability in open-source libraries for file archiving, which could lead to remote code execution (RCE) through file overwrite attacks. RCE attacks allow an attacker to execute code on a remote device. Some of these libraries, such as "tokio-tar," are no longer supported, leaving users vulnerable. (Dark Reading)
- SpaceX says it disabled 2500 Starlink devices around fraud compounds: Lauren Dreyer, VP of Starlink business operations, confirmed that the company disabled over 2500 Starlink devices near suspected "fraud centers" in Myanmar. These centers are often used for communications related to organized crime activities such as online fraud and human trafficking. (Reuters)