Showing only posts tagged cybersecurity. Show all posts.

Apple’s New Memory Integrity Enforcement

Source

Apple has introduced a new hardware/software security feature in the iPhone 17: “ Memory Integrity Enforcement,” targeting the memory safety vulnerabilities that spyware products like Pegasus tend to use to get unauthorized system access. From Wired : In recent years, a movement has been steadily growing across the global tech …

Many voices, one community: Three themes from RSA Conference 2025

Source

RSA Conference (RSAC) 2025 drew 730 speakers, 650 exhibitors, and 44,000 attendees from across the globe to the Moscone Center in San Francisco, California from April 28 through May 1. The keynote lineup was eclectic, with 37 presentations featuring speakers ranging from NBA Hall of Famer Earvin “Magic …

Introducing new regional implementations of Landing Zone Accelerator on AWS to support digital sovereignty

Source

Customers often tell me that they want a simpler path to meet the compliance and industry regulatory mandates they have in their geographic regions. In our deep engagements with partners and customers, we have learned that one of the greatest challenges for customers is the translation of security and …

AWS expands Spain’s ENS High certification across 174 services

Source

Amazon Web Services (AWS) has successfully renewed its Esquema Nacional de Seguridad (ENS) High certification under the latest framework established by Royal Decree 311/2022. This achievement demonstrates the continued dedication of AWS to meeting the stringent security requirements essential for serving Spanish government entities and public organizations. The …

Introducing the AWS Zero Trust Accelerator for Government

Source

Government agencies face an unprecedented challenge when designing security against unauthorized access to IT infrastructure and data. Traditional perimeter-based security models—which rely on the assumption of trust within an organization’s network boundaries—are no longer sufficient. The wide adoption of bring-your-own-device (BYOD) and cloud-based resources requires adopting …

AWS empowers global security culture at Wicked6 Cyber Games

Source

Wicked6 Cyber Games 2025 brought hundreds of women together worldwide from March 28–30. This dynamic virtual competition, sponsored by Amazon Web Services (AWS), helped attendees tackle real-world cybersecurity challenges through e-sports experiences. With 72 hours of women talking about cybersecurity, 11 cybersecurity games, and an attack and defense …

CVE Program Almost Unfunded

Source

Mitre’s CVE’s program—which provides common naming and other informational resources about cybersecurity vulnerabilities—was about to be cancelled, as the US Department of Homeland Security failed to renew the contact. It was funded for eleven more months at the last minute. This is a big deal …

Arguing Against CALEA

Source

At a Congressional hearing earlier this week, Matt Blaze made the point that CALEA, the 1994 law that forces telecoms to make phone calls wiretappable, is outdated in today’s threat environment and should be rethought: In other words, while the legally-mandated CALEA capability requirements have changed little over …

AWS completes the 2025 Cyber Essentials Plus certification

Source

Amazon Web Services (AWS) is pleased to announce the successful renewal of the United Kingdom Cyber Essentials Plus certification. The Cyber Essentials Plus certificate is valid for one year until March 21, 2026. Cyber Essentials Plus is a UK Government-backed, industry-supported certification scheme intended to help organizations demonstrate organizational …

Rational Astrologies and Security

Source

John Kelsey and I wrote a short paper for the Rossfest Festschrift : “ Rational Astrologies and Security “: There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational astrology. First …

Support Canada’s CCCS PBHVA overlay compliance with the Landing Zone Accelerator on AWS

Source

Organizations seeking to adhere to the Canadian Centre for Cyber Security (CCCS) Protected B High Value Assets (PBHVA) overlay requirements can use the Landing Zone Accelerator (LZA) on AWS solution with the CCCS Medium configuration to accelerate their compliance journey. To further support customers, AWS recently collaborated with Coalfire …

DOGE as a National Cyberattack

Source

In the span of just weeks, the US government has experienced what may be the most consequential security breach in its history—not through a sophisticated cyberattack or an act of foreign espionage, but through official orders by a billionaire with a poorly defined government role. And the implications …

2024 PiTuKri ISAE 3000 Type II attestation report available with 179 services in scope

Source

Amazon Web Services (AWS) is pleased to announce the issuance of the Criteria to Assess the Information Security of Cloud Services (PiTuKri) Type II attestation report with 179 services in scope. The Finnish Transport and Communications Agency (Traficom) Cyber Security Centre published PiTuKri, which consists of 52 criteria that …

2024 FINMA ISAE 3000 Type II attestation report available with 179 services in scope

Source

Amazon Web Services (AWS) is pleased to announce the issuance of the Swiss Financial Market Supervisory Authority (FINMA) Type II attestation report with 179 services in scope. The Swiss Financial Market Supervisory Authority (FINMA) has published several requirements and guidelines about engaging with outsourced services for the regulated financial …

Updated whitepaper available: Aligning to the NIST Cybersecurity Framework in the AWS Cloud

Source

Today, we released an updated version of the Aligning to the NIST Cybersecurity Framework (CSF) in the AWS Cloud whitepaper to reflect the significant changes introduced in the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) 2.0, published in February 2024. This comprehensive update helps you …

CCN releases guide for Spain’s ENS landing zones using Landing Zone Accelerator on AWS

Source

The Spanish National Cryptologic Center (CCN) has published a new STIC guide (CCN-STIC-887 Anexo A) that provides a comprehensive template and supporting artifacts for implementing landing zones that comply with Spain's National Security Framework (ENS) Royal Decree 311/2022 using the Landing Zone Accelerator on AWS. [...]

Biden Signs New Cybersecurity Order

Source

President Biden has signed a new cybersecurity order. It has a bunch of provisions, most notably using the US governments procurement power to improve cybersecurity practices industry-wide. Some details : The core of the executive order is an array of mandates for protecting government networks based on lessons learned from …