AWS Introduces Machine Learning Security Service Macie
Last week, Amazon Web Services unrolled a new security service for their cloud offerings. Dubbed Macie, the new fully managed service for S3 leverages machine-learning algorithms to identify and protect sensitive data against data leaks and unauthorized access.
Macie’s core capabilities weren’t built in-house by Amazon. The service itself was being developed by Harvest.ai, which some may remember as a $20 million acquisition made by AWS earlier this year. They developed a product called Macie Analytics meant to report and prevent possible data leaks within enterprise environments. The same product has now been integrated with Amazon S3 and went to become – Amazon Macie.
How One AI-Driven Media Platform Cut EBS Costs for AWS ASGs by 48%
Macie is currently available to AWS customers throughout US East and West regions. The service supports only S3 services, but the company said it plans to soon expand its machine learning security capabilities to other Amazon services as well.
Facebook Announces 10th Data Centre
The social network has revealed that it plans to open its tenth data center by 2019. The new facility will be built in New Albany, Ohio, with expected construction costs at some $750m.
As is the case with all of Facebook’s data center facilities, energy efficiency and environmental impact are a big concern. To keep it as environmentally friendly and efficient as possible, the tech giant said it will focus on building its facilities by using clean energy from renewable sources.
“We are committed to powering our data centers with clean and renewable energy, and New Albany is no exception, like our previous seven data centers, our facility in New Albany will be powered by 100% renewable energy.”
Rachel Peterson, Director of Data Center Strategy and Development @ Facebook
Peterson also said that the New Albany data center will be one of the most advanced, energy-efficient data centers in the world.
Read More: Cloud Pro
Washington University Experiment Shows How Smart Devices Can Be Hijacked to Spy on Users
An experiment performed by a team of students at Washington University demonstrated how easily smart devices can be leveraged as spying tools. The attack method uncovered by four student hackers showed how to easily track every move by making use of built-in microphones and speakers.
The attack, dubbed CovertBand, works even through walls, operating as a sonar to pick up reflected sound waves and efficiently mapping the movement of anyone near the audio source. For the attack to succeed the hacker would first need to hijack the victim’s smart device (by installing a third-party app) and then by playing music tracks with embedded pulses which are picked up via microphone.
By leveraging AudioRecord API to record the signals simultaneously on two microphones, the app could easily achieve 2D tracking. The CovertBand attack requires access only to a speaker and microphone to be successful. It means a criminal could use any smart devices in the victim’s home to spy and gather private data.
Read More: Hacker News, CovertBand
Microsoft Will Acquire Cycle Computing to Further Boost Azure Offerings
In a recent announcement, Microsoft disclosed the acquisition of Cycle Computing, a cloud computing orchestration company. The acquisition comes as a result of Microsoft’s continued efforts to further strengthen their High-Performance Computing (HPC) and other Big Computing capabilities in the cloud.
“At Microsoft, we believe that access to Big Computing capabilities in the cloud has the power to transform many businesses and will be at the forefront of breakthrough experimentation and innovation in the decades to come.”
Jason Zander, Corporate VP @ Microsoft Azure
Although Cycle Computing had solid relationships with other cloud vendors, such as Google Cloud and AWS, prior to the acquisition, it will continue to support customers using those services. Future releases of the software, however, will be Azure-focused.
Read More: Microsoft Blog, Cloud Pro
Two Zero-Day Exploits Discovered in Popular PDF Reader
Last week, security researchers discovered two critical security vulnerabilities within the Foxit Reader software. The “zero-day” weaknesses could enable hackers to easily run arbitrary code on a targeted computer.The first one was discovered by Ariele Caltabiano working with Trend Micro’s Zero Day Initiative (CVE-2017-10951) and is a command injection bug. The second bug is a file write issue found by Steven Seeley at Offensive Security (CVE-2017-10952).
The first one was discovered by Ariele Caltabiano working with Trend Micro’s Zero Day Initiative (CVE-2017-10951) and is a command injection bug. The second bug is a file write issue found by Steven Seeley at Offensive Security (CVE-2017-10952).
If you are using Foxit Reader and PhantomPDF, make sure you have the “Safe Reading Mode” feature enabled. Additionally, you can also uncheck the “Enable JavaScript Actions” box from the Preferences menu (some features may crash, however).
Read More: Hacker News, Zero Day Initiative