I'm 17 just getting into cybersecurity, I don't really know much of all anything yet and don't know what certs are worth getting. I was thinking of getting CompTIA A+, sec+, net+ and aws. Are any of those a waste of time? I see some people say A+ isn't worth it but just to gain the knowledge I was going to get it. submitted by /u/Brett_Sharp08 [link] [comments]
Amazon Prime Day 2025 achieved record-breaking sales with enhanced AI shopping features, while AWS infrastructure handled unprecedented volumes of data - including 1.7 trillion Lambda invocations per day, DynamoDB peaking at 151 million requests per second, and a 77% increase in Fargate container tasks - showcasing the massive scalability required to power the four-day shopping event.
I have two job opportunities. One as a security reviewer that has number of vendors working under you that will do VAPT,DLP and SOC that gives you reports and you have to review applications, WAF & Firewall and involve stakeholders to remediate or as Senior Network Security Lead at Accenture who will be working on Firewalls, WAF & AWS Security. What would be the best for future career? I have 7 years of experience. submitted by /u/Pristine_Tale_4459 [link] [comments]
On the day AWS Kiro was released, I couldn't resist putting it through some of my Month of AI Bugs security tests for coding agents. AWS Kiro was vulnerable to arbitrary command execution via indirect prompt injection. This means that a remote attacker, who controls data that Kiro processes, could hijack it to run arbitrary operating system commands or write and run custom code. In particular two attack paths that enabled this with AWS Kiro were identified:
Flaw in one of AWS's security tools allowed for public cloud storage to go undetected. submitted by /u/jsonpile [link] [comments]
As I was preparing for this week's roundup, I couldn't help but reflect on how database technology has evolved over the past decade. It's fascinating to see how architectural decisions made years ago continue to shape the way we build modern applications. This week brings a special milestone that perfectly captures this evolution in cloud
submitted by /u/digicat [link] [comments]
On August 21, 2025, an influx of traffic directed toward clients hosted in AWS us-east-1 caused severe congestion on links between Cloudflare and us-east-1. In this post, we explain the details.
Critical vulnerabilities in MCPs, stealthily enumerating AWS resources, a North Korean government hacker's computer was pwned, backdoors & campaigns leaked
New AWS Bedrock keys simplify authentication while raising security considerations.
https://www.helpnetsecurity.com/2025/08/21/aws-s3-public-bucket-warning-alert-trusted-advisor/ submitted by /u/tekz [link] [comments]
We were a small but quickly growing startup and security always felt like the weak link in our stack. Our team lived in the cloud, juggling SaaS tools, AWS workloads, and a few legacy pieces still stuck on prem. It worked, but it also felt like anyone with the right key could slip through. We knew we needed zero trust, but actually picking a path was like opening Pandora's box. SASE, SD WAN, private backbone, managed detection. The acronyms alone could give you a headache. We did our homework....
submitted by /u/m_jax [link] [comments]
Widespread migrations, downtime and AI uncertainty result in missed opportunities for cost savings and risk reduction for organizations Caylent, an Amazon Web Services (AWS) Premier Tier Services Partner, today published the results of its 2025 Database Migration survey revealing significant challenges in enterprise database modernization efforts. The survey found only...
The Amazon Q Developer VS Code Extension (Amazon Q) is a popular coding agent, with over 1 million downloads. The extension is vulnerable to indirect prompt injection, and in this post we discuss a vulnerability that allowed an adversary (or also the AI for that matter) to run arbitrary commands on the host without the developer's consent. The resulting impact of the vulnerability is the same as CVE-2025-53773 that Microsoft fixed in GitHub Copilot, however AWS did not issue a CVE when patching...
Amazon Web Services (AWS) is pleased to announce its successful completion of the NHS Data Security and Protection Toolkit (NHS DSPT) assessment audit and achieving a status of Standards Exceeded. The NHS DSPT is an assessment that allows organizations to measure their performance against the National Data Guardian's 10 data security standards. All organizations that
We use Lucidchart to diagram our architecture. We recently moved a bulk of our backend workloads from AWS EKS to Railway. Lucidchart and friends don't have templates for Railway so need to make our own. Regardless of the vendor, in your experience, how much details is needed for the diagram? Everything is documented of course, but the visuals is where we could spend a ton of time and then have to maintain the updates. submitted by /u/jgwerner12 [link] [comments]
submitted by /u/RedTermSession [link] [comments]
Discover how attackers could quietly enumerate AWS resources via Resource Explorer, and how Datadog and AWS worked together to close the visibility gap.
Hello, I've been in the cybersecurity industry for 10 years. I've worked in cloud security, SIEM administration, vulnerability management, and endpoint security across many different sectors. I'm certified in Microsoft, AWS, and CEH. I've noticed that the industry's demand (and its decreasing demand) is now for specialists, and that generalists like me are no longer wanted. I chose cloud security as my primary specialization, but job opportunities in this field are relatively few. I'm...