This week, AWS hosted one of the biggest events in the cloud computing industry. During its annual event, AWS re:Invent 2022, AWS shared new features for its services, new solutions, and customer success stories. AWS also shared some of its plans for the next year. Also this week, social media giant Meta was found guilty and had to pay €265 million due to a data scraping incident that took place in 2019. Meta admitted that third parties exploited a bug to gather the personal information of 533 million users. In addition, CISA added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, affecting Oracle Fusion Middleware and Google Chrome.
AWS re:Invent 2022 at a glance
AWS re:Invent 2022 took place in Las Vegas, where the cloud giant introduced its roadmap, new plans, products, features, and more. During the event, Swami Sivasubramanian, Vice President of AWS Database, Analytics, and Machine Learning, introduced new AWS offerings relating to database, analytics, and machine learning. Also, Mykhailo Fedorov, Ukraine’s Minister of Digital Transformation, described how technology has helped Ukraine fight, survive, and plan for a time when the conflict ends. During another presentation, Werner Vogels, CTO of Amazon, introduced CodeCatalyst, a new service that brings together on AWS the tools software development teams need to build and deliver applications.
Meta fined $275.5 million due to Facebook data scraping incident
An investigation started on 14 April 2021 by the Data Protection Commission (DPC) has now concluded. It began with the discovery of datasets of Facebook users that had been released online. Facebook stated that the data was gathered by exploiting a flaw in its Contact Import, which was fixed in 2019. The DPC decided that Meta infringed Articles 25(1) and 25(2) of the GDPR, fined the company $275.5 million, and demanded that the company make changes to protect its users’ data. The dataset includes personal information, phone numbers, Facebook IDs, names, genders, locations, relationship statuses, occupations, dates of birth, and email addresses.
CISA pinpoints critical Oracle Fusion Middleware vulnerability
This week, the Cybersecurity and Infrastructure Security Agency (CISA) added two vulnerabilities to its Known Exploited Vulnerabilities Catalog. One of them is found in Google Chrome. The heap buffer overflow vulnerability allows a remote attacker who has compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. The other vulnerability impacts Oracle Access Manager and has a CVSS score of 9.8. The flaw in Oracle Fusion Middleware Access Manager allows an unauthenticated attacker with network access via HTTP to take over the Access Manager product.
Let’s Encrypt achieved 3 billion certificates
The Internet Security Research Group published its 2022 Annual Report, revealing statistics about Let’s Encrypt. In 2022, Let’s Encrypt achieved two major milestones: the issuance of its three billionth certificate and reaching 300 million active domains. According to the report, Let’s Encrypt had 2.5 million average daily issuances during 2022. As of November 1, 2022, the maximum number of daily issuances in 2022 was 3.1 million. On average, Let’s Encrypt issued 30 certificates per second during 2022.
Oracle Linux 9.1 comes with new tools
Oracle announced the release of Oracle Linux 9.1, which is 100% application binary compatible with Red Hat Enterprise Linux 9.1. Oracle Linux 9.1 comes with the Unbreakable Enterprise Kernel Release 7, which is based on the upstream Linux Kernel 5.15 and supported on Oracle Linux 9 and Oracle Linux 8. The latest version reintroduces Application Stream modules. It also includes bug and security fixes, and feature updates. UEK R7 continues to maintain and grant support for the btrfs file system.
Red Hat developers are working on a new Composefs file system
Red Hat developers Giuseppe Scrivano and Alexander Larsson introduced a new project named Composefs, a new method to construct and use read-only images, which are used much as users would use, for example, loop-back mounted squashfs images. Composefs is a native Linux file system designed to help share file system contents and to ensure that the content is not modified. Composefs has two fundamental features: it allows file data sharing between images, both on disk and in the page cache, and it has dm-verity-like validation on read.
Dropbox to acquire Boxcryptor assets
Dropbox has signed an agreement with Boxcryptor to acquire several of its key assets. Dropbox aims to combine its easy-to-use solution and Boxcryptor’s encryption capabilities to be able to meet the customers’ evolving needs. Boxcryptor’s capabilities will be embedded natively within Dropbox’s paid plans to add an extra layer of security by encrypting files locally before syncing to Dropbox for business users. Boxcryptor also said that all of its existing users and customers will remain with the German Secomba GmbH and no data will be migrated to Dropbox.