Geek-Guy.com

Tag: Amazon

AI, Apps, Compliance, Global Security News, Network Security, Risk Management

Identify unused AWS KMS keys and prevent accidental key deletions

As you scale your use of Amazon Web Services (AWS), managing KMS keys becomes increasingly important. Whether you manage a handful of keys or thousands across multiple AWS accounts and AWS Regions, there’s often a need to audit key usage to help you meet compliance requirements, evaluate your risk posture, and optimize key management costs.…

Read more →

AI, Apps, Compliance, Endpoint, Global Security News, Network Security

Secure multi-tenant AI agents with Amazon Bedrock AgentCore resource-based policies

Software as a service (SaaS) providers building AI-powered applications on Amazon Bedrock AgentCore often need to serve multiple tenants with distinct security requirements from a shared infrastructure. Some tenants require cross-account access from their own Amazon Web Services (AWS) accounts, while others mandate that traffic stay within a private virtual private cloud (VPC) for regulatory…

Read more →

AI, Cloud Security, Compliance, Cybersecurity, Global Security News, privacy, Risk Management

Spring 2026 SOC 1, 2, and 3 reports are now available with 188 services in scope

Amazon Web Services (AWS) is pleased to announce that the Spring 2026 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 188 services over the 12-month period from April 1, 2025–March 31, 2026, giving customers a full year of assurance. These reports demonstrate our continuous commitment to adhering…

Read more →

AI, Compliance, Global Security News, Network Security, privacy, Risk Management

AWS KY3P report now available for third-party supplier due diligence

We’re excited to announce that Amazon Web Services (AWS) has completed the S&P Global Know Your Third Party (KY3P) assessment of its security posture. This assessment demonstrates our continued commitment to meet the heightened expectations of cloud service providers. Customers can now use the AWS KY3P assessment to reduce their supplier due diligence burden. KY3P,…

Read more →

AI, Apps, Compliance, Global Security News, malware, Network Security

Detecting and preventing crypto mining in your AWS environment

This article guides you on how to use Amazon GuardDuty to identify and mitigate cryptocurrency mining threats in your Amazon Web Services (AWS) environment. You’ll learn about the specialized detection capabilities of GuardDuty and best practices to build a multi-layered defense strategy that protects your infrastructure costs and security posture. Understanding the crypto mining challenge…

Read more →

AI, Apps, Compliance, Global Security News, privacy

PCI PIN and P2PE compliance packages for AWS Payment Cryptography are now available

Amazon Web Services (AWS) is pleased to announce the successful completion of Payment Card Industry Personal Identification Number (PCI PIN) and PCI Point-to-Point Encryption (PCI P2PE) assessments for the AWS Payment Cryptography service. This assessment expands the AWS Payment Cryptography compliance portfolio, with AWS now validated as a component provider for Key Management (KMCP) and…

Read more →

AI, Apps, Compliance, Global Security News, Network Security

Complimentary virtual training: Get hands-on with AWS Security Services

If you’re looking to strengthen your organization’s security posture on Amazon Web Services (AWS) but aren’t sure where to start, then we’re here to help. Security Activation Days are complimentary, virtual, hands-on workshops designed to help you get practical experience with AWS security services in a single session. What to expect Each Security Activation Day…

Read more →

AI, Cloud Security, Compliance, Global Security News, privacy, Risk Management

AWS achieves SNI 27017, SNI 27018, and SNI 9001 certifications for the AWS Asia Pacific (Jakarta) Region

Amazon Web Services (AWS) achieved three Standar Nasional Indonesia (SNI) certifications for the AWS Asia Pacific (Jakarta) Region: SNI ISO/IEC 27017:2015, SNI ISO/IEC 27018:2019, and SNI ISO 9001:2015. SNI represents Indonesia’s national standards framework, comprising standards that are broadly applicable across industries within the country. These certifications further demonstrate that AWS services meet nationally recognized…

Read more →

AI, APAC, Compliance, Europe, Global Security News, Risk Management

AWS, Microsoft, & Google Cloud Converge Around AI-Led Growth

The “big three” hyperscalers, Amazon Web Services (AWS), Microsoft, and Google Cloud, have been especially active over the past 12 months, operating both as suppliers of in-demand data center capacity for AI model developers and as builders of their own models, services, and tools. While each has historically leaned into distinct strengths and target markets,…

Read more →

AI, Apps, Cybersecurity, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

AWS leans on prior ingenuity to face future AI and quantum threats

As Amazon celebrates the 20th anniversary of its AWS cloud this year, the world’s biggest cloud computing provider now faces two giant cybersecurity threats — AI and quantum. How the company will navigate these emerging issues to ensure the security and resilience of systems used by its millions of corporate customers remains an evolving question.…

Read more →

AI, Apps, Compliance, Global Security News, Network Security

Access control with IAM Identity Center session tags

As organizations expand their Amazon Web Services (AWS) footprint, managing secure, scalable, and cost-efficient access across multiple accounts becomes increasingly important. AWS IAM Identity Center offers a centralized, unified solution for managing workforce access to AWS accounts. It simplifies authentication, enhances security, and provides a seamless user sign-in experience to AWS services across diverse environments.…

Read more →

AI, Cloud Security, Compliance, Cybersecurity, Global Security News, privacy, Risk Management

Winter 2025 SOC 1 report is now available with 184 services in scope

Amazon Web Services (AWS) is pleased to announce that the Winter 2025 System and Organization Controls (SOC) 1 report is now available. The report covers 184 services over the 12-month period from January 1, 2025 – December 31, 2025, giving customers a full year of assurance. This report demonstrates our continuous commitment to adhering to…

Read more →

AI, Endpoint, Global Security News

GitLab Collaborates with AWS to Bring Agentic DevSecOps to Enterprise Teams Using Their Existing Amazon Bedrock Accounts and Spend

COMPANY NEWS: Customers can route GitLab Duo Agent Platform inference through Amazon Bedrock models already running in their AWS accounts without new vendor onboarding or model endpoints. GitLab Credits purchased through AWS Marketplace count toward existing AWS spending commitments. GitLab’s Bring Your Own Model (BYOM) capability for Self-Managed customers lets teams connect their self-hosted AI…

Read more →

AI, APAC, Apps, Exploits, Global Security News, Network Security, privacy, Risk Management, Venture

The dark side of chatbots with ‘personality’

They say you can find anything on Amazon. Now, you can even get a personality.  Not for yourself, but for your AI “friend,” Alexa.  Amazon has announced four new “conversation styles” or “personalities” for its voice-interaction Alexa+ AI chatbot.  Users can now choose between “Brief,” “Chill,” “Sweet,” and “Sassy” styles and pick from a range…

Read more →

AI, Exploits, Global Security News

Interlock Ransomware Exploits Cisco FMC Zero-Day CVE-2026-20131 for Root Access

Amazon Threat Intelligence is warning of an active Interlock ransomware campaign that’s exploiting a recently disclosed critical security flaw in Cisco Secure Firewall Management Center (FMC) Software. The vulnerability in question is CVE-2026-20131 (CVSS score: 10.0), a case of insecure deserialization of user-supplied Java byte stream, which could allow an unauthenticated, remote attacker to

Read more →

AI, Apps, Compliance, Exploits, Global Security News, Government & Policy, malware, Network Security

Amazon threat intelligence teams identify Interlock ransomware campaign targeting enterprise firewalls

Amazon threat intelligence has identified an active Interlock ransomware campaign exploiting CVE-2026-20131, a critical vulnerability in Cisco Secure Firewall Management Center (FMC) Software that could allow an unauthenticated, remote attacker to execute arbitrary Java code as root on an affected device, which was disclosed by Cisco on March 4, 2026. After Cisco’s disclosure, Amazon threat…

Read more →

AI, Compliance, Europe, Global Security News, Risk Management

AWS completes the second GDV community audit with participant insurers in Germany

We’re excited to announce that Amazon Web Services (AWS) has completed its second GDV (German Insurance Association) community audit with 36 members from the Germany insurance industry participating, corresponding to over 63% coverage of the German market in terms of insurance premiums. Community audits are an efficient method to provide additional assurance to a group…

Read more →

AI, Apps, Cybersecurity, Global Security News, Network Security

AWS Leader on Cloud Lessons and AI’s Next Wave

Twenty years after Amazon Web Services began reshaping enterprise infrastructure, the company’s partner ecosystem is entering another major transition—this time driven by artificial intelligence. In an interview with Channel Insider, Brian Bohan, director and global lead of the AWS Consulting Center of Excellence, discussed how lessons from the early cloud era are shaping AWS’s approach…

Read more →

AI, Apps, Cloud Security, Compliance, Cybersecurity, Endpoint, Global Security News, Network Security, Risk Management

How to manage the lifecycle of Amazon Machine Images using AMI Lineage for AWS

As organizations scale their cloud infrastructure, maintaining proper lifecycle management of Amazon Machine Images (AMIs) is a critical component of their security and risk management goals. AMIs provide the essential information required to launch Amazon Elastic Compute Cloud (Amazon EC2) instances, however; they present security and compliance challenges if not tracked and managed throughout their…

Read more →

AI, Cloud Security, Cybersecurity, Endpoint, Global Security News, Risk Management

AWS expands Security Hub for multicloud security operations

Amazon Web Services is expanding AWS Security Hub to function as a centralized security operations platform capable of aggregating risk signals across multicloud environments. With the updated Security Hub, the company said it will introduce a unified operations layer that provides security teams with near real-time risk analytics, automated analysis, and prioritized insights. As enterprise…

Read more →

AI, Apps, Data Breaches, Exploits, Global Security News, Network Security, Risk Management

AWS-LC Flaws Could Bypass Certificate Verification

Amazon AWS has disclosed several vulnerabilities in AWS-LC, its open-source cryptographic library.  The issues include flaws that could allow certificate verification to be bypassed and weaknesses that may expose encryption timing information.  One of the vulnerabilities, CVE-2026-3338, “allows an unauthenticated user to bypass signature verification when processing PKCS7 objects with Authenticated Attributes,” said AWS in…

Read more →

AI, Apps, Compliance, Global Security News, Government & Policy, Risk Management

AWS completes the 2026 annual Dubai Electronic Security Centre (DESC) certification audit

We’re excited to announce that Amazon Web Services (AWS) has completed the annual Dubai Electronic Security Centre (DESC) certification audit to operate as a Tier 1 Cloud Service Provider (CSP) for the AWS Middle East (UAE) Region. This alignment with DESC requirements demonstrates our continued commitment to adhere to the heightened expectations for CSPs. Government…

Read more →

AI, Cloud Security, Compliance, Global Security News, privacy

2025 ISO and CSA STAR certificates are now available with one additional service and one new region

Amazon Web Services (AWS) successfully completed the annual recertification audit with no findings for ISO 9001:2015, 27001:2022, 27017:2015, 27018:2019, 27701:2019, 20000-1:2018, 22301:2019, and Cloud Security Alliance (CSA) STAR Cloud Controls Matrix (CCM) v4.0. The objective of the audit was to enable AWS to expand their ISO and CSA STAR certifications to include one new AWS…

Read more →

AI, Compliance, Global Security News, Risk Management

2025 FINMA ISAE 3000 Type II attestation report available with 183 services in scope

Amazon Web Services (AWS) is pleased to announce the issuance of the Swiss Financial Market Supervisory Authority (FINMA) Type II attestation report with 183 services in scope. The Swiss Financial Market Supervisory Authority (FINMA) has published several requirements and guidelines about engaging with outsourced services for the regulated financial services customers in Switzerland. An independent…

Read more →

AI, Compliance, Global Security News, Risk Management

2025 PiTuKri ISAE 3000 Type II attestation report available with 183 services in scope

Amazon Web Services (AWS) is pleased to announce the issuance of the Criteria to Assess the Information Security of Cloud Services (PiTuKri) Type II attestation report with 183 services in scope. The Finnish Transport and Communications Agency (Traficom) Cyber Security Centre published PiTuKri, which consists of 52 criteria that provide guidance across 11 domains for…

Read more →

AI, Apps, Compliance, Global Security News

AWS successfully completed its first surveillance audit for ISO 42001:2023 with no findings

In November 2024, Amazon Web Services (AWS) was the first major cloud service provider to announce the ISO/IEC 42001 accredited certification for AI services, covering: Amazon Bedrock, Amazon Q Business, Amazon Textract, and Amazon Transcribe. In November 2025, AWS successfully completed its first surveillance audit for ISO 42001:2023, Artificial Intelligence Management System with no findings.…

Read more →

AI, Global Security News

DXC Completes Enterprise-Wide Amazon Quick Deployment and Launches New Practice to Help Accelerate AI Adoption

COMPANY NEWS: DXC proves AI at real enterprise scale through its own global deployment of Amazon Quick, supporting 115,000 employees across 70 countries.  New DXC Amazon Quick Practice helps customers securely deploy and operationalize AI across complex, multivendor enterprise ecosystems.  DXC’s Customer Zero approach validates new technologies internally first, enabling faster and more confident customer…

Read more →

AI, Global Security News

DXC Completes Enterprise-Wide Amazon Quick Deployment and Launches New Practice to Help Accelerate AI Adoption

COMPANY NEWS: DXC proves AI at real enterprise scale through its own global deployment of Amazon Quick, supporting 115,000 employees across 70 countries.  New DXC Amazon Quick Practice helps customers securely deploy and operationalize AI across complex, multivendor enterprise ecosystems.  DXC’s Customer Zero approach validates new technologies internally first, enabling faster and more confident customer…

Read more →

AI, Announcements, Apps, Compliance, Endpoint, Foundational (100), Global Security News, Launch, Network Security

IAM Identity Center now supports IPv6

Amazon Web Services (AWS) recommends using AWS IAM Identity Center to provide your workforce access to AWS managed applications—such as Amazon Q Developer—and AWS accounts. Today, we announced IAM Identity Center support for IPv6. To learn more about the advantages of IPv6, visit the IPv6 product page. When you enable IAM Identity center, it provides…

Read more →

AI, Announcements, Compliance, Foundational (100), Global Security News, PCI, privacy, Security Blog, Security, Identity, & Compliance

Updated PCI PIN compliance package for AWS CloudHSM now available

Amazon Web Services (AWS) is pleased to announce the successful completion of Payment Card Industry Personal Identification Number (PCI PIN) audit for the AWS CloudHSM service. With CloudHSM, you can manage and access your keys on FIPS 140-3 Level 3 validated hardware, protected with customer-owned, single-tenant hardware security module (HSM) instances that run in your…

Read more →

AI, Announcements, Apps, Compliance, Compliance reports, Foundational (100), Global Security News, privacy, Security, Identity, & Compliance

Updated PCI PIN compliance package for AWS Payment Cryptography now available

Amazon Web Services (AWS) is pleased to announce the successful completion of Payment Card Industry Personal Identification Number (PCI PIN) audit for the AWS Payment Cryptography service. With AWS Payment Cryptography, your payment processing applications can use payment hardware security modules (HSMs) that are PCI PIN Transaction Security (PTS) HSM certified and fully managed by…

Read more →

AI, Announcements, Apps, Compliance, Cybersecurity, Europe, Foundational (100), Global Security News, Government & Policy, Risk Management, Security Blog, Security, Identity, & Compliance

AWS achieves 2025 C5 Type 2 attestation report with 183 services in scope 

Amazon Web Services (AWS) is pleased to announce a successful completion of the 2025 Cloud Computing Compliance Criteria Catalogue (C5) attestation cycle with 183 services in scope. This alignment with C5 requirements demonstrates our ongoing commitment to adhere to the heightened expectations for cloud service providers. AWS customers in Germany and across Europe can run…

Read more →

AI, Announcements, Apps, Compliance, Cybersecurity, Europe, Foundational (100), Global Security News, Government & Policy, Risk Management, Security Blog, Security, Identity, & Compliance

AWS achieves 2025 C5 Type 2 attestation report with 183 services in scope 

Amazon Web Services (AWS) is pleased to announce a successful completion of the 2025 Cloud Computing Compliance Criteria Catalogue (C5) attestation cycle with 183 services in scope. This alignment with C5 requirements demonstrates our ongoing commitment to adhere to the heightened expectations for cloud service providers. AWS customers in Germany and across Europe can run…

Read more →

AI, Announcements, Compliance, Cybersecurity, Europe, Foundational (100), Global Security News, privacy, Risk Management, Security, Identity, & Compliance

AWS renews the GSMA SAS-SM certification for two AWS Regions and expands to cover four new Regions

Amazon Web Services (AWS) is pleased to announce the expansion of GSMA Security Accreditation Scheme for Subscription Management (SAS-SM) certification to four new AWS Regions: US West (Oregon), Europe (Frankfurt), Asia Pacific (Tokyo), and Asia Pacific (Singapore). Additionally, the AWS US East (Ohio) and Europe (Paris) Regions have been recertified. All certifications are under the…

Read more →

AI, Announcements, Compliance, Cybersecurity, Europe, Foundational (100), Global Security News, privacy, Risk Management, Security, Identity, & Compliance

AWS renews the GSMA SAS-SM certification for two AWS Regions and expands to cover four new Regions

Amazon Web Services (AWS) is pleased to announce the expansion of GSMA Security Accreditation Scheme for Subscription Management (SAS-SM) certification to four new AWS Regions: US West (Oregon), Europe (Frankfurt), Asia Pacific (Tokyo), and Asia Pacific (Singapore). Additionally, the AWS US East (Ohio) and Europe (Paris) Regions have been recertified. All certifications are under the…

Read more →

Advanced (300), AI, Apps, Compliance, Global Security News, Identity & Compliance, Risk Management, Security, Identity, & Compliance

Exploring common centralized and decentralized approaches to secrets management

One of the most common questions about secrets management strategies on Amazon Web Services (AWS) is whether an organization should centralize its secrets. Though this question is often focused on whether secrets should be centrally stored, there are four aspects of centralizing the secrets management process that need to be considered: creation, storage, rotation, and…

Read more →

Advanced (300), AI, Apps, Compliance, Global Security News, Identity & Compliance, Risk Management, Security, Identity, & Compliance

Exploring common centralized and decentralized approaches to secrets management

One of the most common questions about secrets management strategies on Amazon Web Services (AWS) is whether an organization should centralize its secrets. Though this question is often focused on whether secrets should be centrally stored, there are four aspects of centralizing the secrets management process that need to be considered: creation, storage, rotation, and…

Read more →

AI, Announcements, Compliance, Cybersecurity, Foundational (100), Global Security News, privacy, Risk Management, Security, Identity, & Compliance

Fall 2025 SOC 1, 2, and 3 reports are now available with 185 services in scope

Amazon Web Services (AWS) is pleased to announce that the Fall 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 185 services over the 12-month period from October 1, 2024–September 30, 2025, giving customers a full year of assurance. These reports demonstrate our continuous commitment to adhering to…

Read more →

AI, Announcements, Compliance, Cybersecurity, Foundational (100), Global Security News, privacy, Risk Management, Security, Identity, & Compliance

Fall 2025 SOC 1, 2, and 3 reports are now available with 185 services in scope

Amazon Web Services (AWS) is pleased to announce that the Fall 2025 System and Organization Controls (SOC) 1, 2, and 3 reports are now available. The reports cover 185 services over the 12-month period from October 1, 2024–September 30, 2025, giving customers a full year of assurance. These reports demonstrate our continuous commitment to adhering to…

Read more →

AI, Announcements, Apps, Compliance, Compliance reports, Cybersecurity, Data Security, Global Security News, OSCAL, PCI, privacy, Risk Management

Fall 2025 PCI DSS compliance package available now

Amazon Web Services (AWS) is pleased to announce that two additional AWS services and one additional AWS Region have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Newly added services: AWS Security Incident Response AWS Transform Newly added AWS Region: Asia Pacific (Taipei) This certification allows customers…

Read more →

AI, Announcements, Apps, Compliance, Compliance reports, Cybersecurity, Data Security, Global Security News, OSCAL, PCI, privacy, Risk Management

Fall 2025 PCI DSS compliance package available now

Amazon Web Services (AWS) is pleased to announce that two additional AWS services and one additional AWS Region have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Newly added services: AWS Security Incident Response AWS Transform Newly added AWS Region: Asia Pacific (Taipei) This certification allows customers…

Read more →

AI, Announcements, Apps, Compliance, Compliance reports, Cybersecurity, Data Security, Global Security News, OSCAL, PCI, privacy, Risk Management

Fall 2025 PCI DSS compliance package available now

Amazon Web Services (AWS) is pleased to announce that two additional AWS services and one additional AWS Region have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Newly added services: AWS Security Incident Response AWS Transform Newly added AWS Region: Asia Pacific (Taipei) This certification allows customers…

Read more →

AI, Announcements, Apps, Compliance, Compliance reports, Cybersecurity, Data Security, Global Security News, OSCAL, PCI, privacy, Risk Management

Fall 2025 PCI DSS compliance package available now

Amazon Web Services (AWS) is pleased to announce that two additional AWS services and one additional AWS Region have been added to the scope of our Payment Card Industry Data Security Standard (PCI DSS) certification: Newly added services: AWS Security Incident Response AWS Transform Newly added AWS Region: Asia Pacific (Taipei) This certification allows customers…

Read more →

AI, Announcements, Europe, Foundational (100), Global Security News, Security, Identity, & Compliance, Uncategorized

AWS named Leader in the 2025 ISG report for Sovereign Cloud Infrastructure Services (EU)

For the third year in a row, Amazon Web Services (AWS) is named as a Leader in the Information Services Group (ISG) Provider LensTM Quadrant report for Sovereign Cloud Infrastructure Services (EU), published on January 9, 2026. ISG is a leading global technology research, analyst, and advisory firm that serves as a trusted business partner…

Read more →

AI, Announcements, Europe, Foundational (100), Global Security News, Security, Identity, & Compliance, Uncategorized

AWS named Leader in the 2025 ISG report for Sovereign Cloud Infrastructure Services (EU)

For the third year in a row, Amazon Web Services (AWS) is named as a Leader in the Information Services Group (ISG) Provider LensTM Quadrant report for Sovereign Cloud Infrastructure Services (EU), published on January 9, 2026. ISG is a leading global technology research, analyst, and advisory firm that serves as a trusted business partner…

Read more →

AI, Announcements, Europe, Foundational (100), Global Security News, Security, Identity, & Compliance, Uncategorized

AWS named Leader in the 2025 ISG report for Sovereign Cloud Infrastructure Services (EU)

For the third year in a row, Amazon Web Services (AWS) is named as a Leader in the Information Services Group (ISG) Provider LensTM Quadrant report for Sovereign Cloud Infrastructure Services (EU), published on January 9, 2026. ISG is a leading global technology research, analyst, and advisory firm that serves as a trusted business partner…

Read more →

AI, Announcements, Europe, Foundational (100), Global Security News, Security, Identity, & Compliance, Uncategorized

AWS named Leader in the 2025 ISG report for Sovereign Cloud Infrastructure Services (EU)

For the third year in a row, Amazon Web Services (AWS) is named as a Leader in the Information Services Group (ISG) Provider LensTM Quadrant report for Sovereign Cloud Infrastructure Services (EU), published on January 9, 2026. ISG is a leading global technology research, analyst, and advisory firm that serves as a trusted business partner…

Read more →

AI, Amazon GuardDuty, APAC, Compliance, Cybersecurity, Endpoint, Global Security News, Network Security, Security, Identity, & Compliance

GuardDuty Extended Threat Detection uncovers cryptomining campaign on Amazon EC2 and Amazon ECS

Amazon GuardDuty and our automated security monitoring systems identified an ongoing cryptocurrency (crypto) mining campaign beginning on November 2, 2025. The operation uses compromised AWS Identity and Access Management (IAM) credentials to target Amazon Elastic Container Service (Amazon ECS) and Amazon Elastic Compute Cloud (Amazon EC2). GuardDuty Extended Threat Detection was able to correlate signals…

Read more →

AI, Apps, Best Practices, Endpoint, Europe, Exploits, Global Security News, Network Security, Risk Management, Russia, Security Blog, Security, Identity, & Compliance, Technical How-to, Thought Leadership

Amazon Threat Intelligence identifies Russian cyber threat group targeting Western critical infrastructure

As we conclude 2025, Amazon Threat Intelligence is sharing insights about a years-long Russian state-sponsored campaign that represents a significant evolution in critical infrastructure targeting: a tactical pivot where what appear to be misconfigured customer network edge devices became the primary initial access vector, while vulnerability exploitation activity declined. This tactical adaptation enables the same…

Read more →