Securing messages published to Amazon SNS with AWS PrivateLink

Amazon Simple Notification Service (SNS) now supports VPC Endpoints (VPCE) via AWS PrivateLink. You can use VPC Endpoints to privately publish messages to SNS topics, from an Amazon Virtual Private Cloud (VPC), without traversing the public internet. When you use AWS PrivateLink, you don’t need to set up an Internet Gateway (IGW), Network Address Translation (NAT) device, or Virtual Private Network (VPN) connection. You don’t need to use public IP addresses, either.

Verizon Report Finds More Cybersecurity Gains Than Losses

The annual Data Breach Investigations Report from Verizon usually provides cybersecurity professionals with some cold comfort. This year’s report covering 53,000 security incidents, including 2,216 confirmed data breaches, is no exception. Highlights of the report include the fact that almost three-quarters (73 percent) of cyberattacks were perpetrated by outsiders. Members of organized criminal groups were behind half of all breaches, with nation-state or state-affiliated actors accounting for 12 percent. The rest (28 percent) involved insiders.

VERT Threat Alert: April 2018 Patch Tuesday Analysis

Today’s VERT Alert addresses Microsoft’s April 2018 Security Updates. VERT is actively working on coverage for these vulnerabilities and expects to ship ASPL-773 on Wednesday, April 10th.In-The-Wild & Disclosed CVEsCVE-2018-1034A vulnerability in SharePoint Server could allow specially crafted web requests to read unauthorized content or perform actions in the context of an authorized user. This attack is possible due to a failure to properly sanitize certain web requests and the update ensures proper sanitization occurs.Microsoft has rated this as a 3 on the Exploitability Index (Exploitation Unlikely)CVE Breakdown by TagWhile historical Microsoft Security Bulletin groupings are gone, Microsoft vulnerabilities are tagged with an identifier. This list provides a breakdown of the CVEs on a per tag basis.Other InformationIn addition to the Microsoft vulnerabilities included in the April Security Guidance, a number of security advisories were also made available.April 2018 Adobe Flash Security Update [ADV180007]Microsoft released updates for Adobe Flash. These correspond with Adobe Update APSB18-08. This includes fixes for CVE-2018-4932, CVE-2018-4933, CVE-2018-4934, CVE-2018-4935, CVE-2018-4936, and CVE-2018-4937.

The FCC’s Big Problem with Small Satellites


Editor’s Picks

When officials at the Federal Communications Commission (FCC) denied launch authorization for four innovative satellites from startup Swarm Technologies last December, the agency was unequivocal as to the reason. “The applicant proposes to deploy and operate four spacecraft that are smaller than 10 centimeters in one of their three dimensions,” read a letter to Swarm’s CEO and founder Sara Spangelo. “These spacecraft are therefore below the size threshold at which detection by the Space Surveillance Network can be considered routine.”

How to Tune Your Database Security to Protect Big Data

As digital information and data continues to accumulate worldwide, new big data solutions grow more and more popular. The introduction of IoT into our lifestyle, which turns appliances into smart data logging machines, along with organizations tracking behaviors for data science and research purposes, has made the move into big data storage inevitable.

Security shop Carbon Black files to go public

Alex Wilhelm is the editor-in-chief of Crunchbase News and co-host of Equity, TechCrunch’s venture capital-focused podcast. More posts by this contributor

Today Carbon Black filed to go public, publishing its S-1 document with a $100 million IPO figure as a placeholder.

A new app called Garden helps you stay in touch with friends and family without Facebook

Facebook has become the de facto way people today keep up with their friends and family and, at times, their wider network of professional acquaintances and colleagues. But its inattention to user data protection is leading some people looking for an out. A new app called Garden, officially launching today, wants to offer people a more private and personal way to keep up with those who are important to them.

New research: Only 52% of developers using components in their apps update them when a new vulnerability is announced

Open source components have gone mainstream. With every company undoubtedly becoming a software company, open source and commercial components are a vital element in developing applications at the speed of DevOps. But while they’re a powerful tool for adding features and functionalities to applications in relatively short order, they also introduce remarkable security risks.