Security

Clipboard Pictures Exfiltration in Python Infostealer, (Wed, Oct 15th)

Leave a comment
This post was originally published on this site

For a while, clipboard content has been monitored by many infostealers. Purposes can be multiple, like simply searching and exfiltrating juicy data or on-the-fly modification like crypto-wallet swapping[1]. Note that the clipboard is a major risk when you don't disable clipboard sharing between your virtual machines and hosts. A malware running in a sandbox will access your (host) clipboard without problem!

AWS

Introducing Amazon EBS Volume Clones: Create instant copies of your EBS volumes

Leave a comment
This post was originally published on this site

 

As someone that used to work at Sun Microsystems, where ZFS was invented, I’ve always loved working with storage systems that offer instant volume copies for my development and testing needs.

Today, I’m excited to share that AWS is bringing similar capabilities to Amazon Elastic Block Store (Amazon EBS) with the launch of Amazon EBS Volume Clones, a new capability that lets you create instant point-in-time copies of your EBS volumes within the same Availability Zone.

Many customers need to create copies of their production data to support development and testing activities in a separate nonproduction environment. Until now, this process required taking an EBS snapshot (stored in Amazon Simple Storage Service (Amazon S3)) and then creating a new volume from that snapshot. Although this approach works, the process creates operational overhead due to multiple steps.

With Amazon EBS Volume Clones, you can now create copies of your EBS volumes with a single API call or console click. The copied volumes are available within seconds and provide immediate access to your data with single-digit millisecond latency. This makes Volume Clones particularly useful for quickly setting up test environments with production data or creating temporary copies of databases for development purposes.

Let me show you how Volume Clones works
For this post, I created a small Amazon Elastic Compute Cloud (Amazon EC2) instance, with an attached volume. I created a file on the root file system with the command echo "Hello CopyVolumes" > hello.txt.

To initiate the copy, I open a browser on the AWS Management Console and I navigate to EC2, Elastic Block Store, Volumes. I select the volume I want to copy.

Note that, at the time of publication of this post, only encrypted volumes can be copied.

On the Actions menu, I choose the Copy Volume option.

Copy Volume - initiate

Next, I choose the details of the target volume. I can change the Volume type and adjust the Size, IOPS, and Throughput parameters. I choose Copy volume to start the Volume Clone operation.

Copy Volume - Parameters

The copied volume enters the Creating state and becomes available within seconds. I can then attach it to an EC2 instance and start using it immediately.

Data blocks are copied from the source volume and written to the volume copy in the background. The volume remains in the Initializing state until the process is complete. I can monitor its progress with the describe-volume-status API. The initializing operation doesn’t affect the performance of the source volume. I can continue using it normally during the copy process.

I love that the copied volume is available immediately. I don’t need to wait for its initialization to complete. During the initialization phase, my copied volume delivers performance based on the lowest of: a baseline of 3,000 IOPS and 125 MiB/s, the source volume’s provisioned performance, or the copied volume’s provisioned performance.

After initialization is completed, the copied volume becomes fully independent of the source volume and delivers its full provisioned performance.

Copy Volume - InitializingAlternatively, I can use the AWS Command Line Interface (AWS CLI) to initiate the copy:

aws ec2 copy-volumes                          
     --source-volume-id vol-1234567890abcdef0 
     --size 500                               
     --volume-type gp3

After the volume copy is created, I attach it to my EC2 instance and mount it. I can check the file I created at start is present.

First, I attach the volume from my laptop, using the attach-volume command:

aws ec2 attach-volume 
         --volume-id 'vol-09b700e3a23a9b4ad' 
         --instance-id 'i-079e6504ad25b029e'   
         --device '/dev/sdb'

Then, I connect to the instance, and I type these commands:

$ sudo lsblk -f
NAME          FSTYPE FSVER LABEL UUID                                 FSAVAIL FSUSE% MOUNTPOINTS
nvme0n1                                                                              
├─nvme0n1p1   xfs          /     49e26d9d-0a9d-4667-b93e-a23d1de8eacd    6.2G    22% /
└─nvme0n1p128 vfat   FAT16       3105-2F44                               8.6M    14% /boot/efi
nvme1n1                                                                              
├─nvme1n1p1   xfs          /     49e26d9d-0a9d-4667-b93e-a23d1de8eacd                
└─nvme1n1p128 vfat   FAT16       3105-2F44     

$ sudo mount -t xfs /dev/nvme1n1p1 /data

$ df -h
Filesystem        Size  Used Avail Use% Mounted on
devtmpfs          4.0M     0  4.0M   0% /dev
tmpfs             924M     0  924M   0% /dev/shm
tmpfs             370M  476K  369M   1% /run
/dev/nvme0n1p1    8.0G  1.8G  6.2G  22% /
tmpfs             924M     0  924M   0% /tmp
/dev/nvme0n1p128   10M  1.4M  8.7M  14% /boot/efi
tmpfs             185M     0  185M   0% /run/user/1000
/dev/nvme1n1p1    8.0G  1.8G  6.2G  22% /data

$ cat /data/home/ec2-user/hello.txt 
Hello CopyVolumes

Things to know
Volume Clones creates copies within the same Availability Zone as your source volume. You can create copies from encrypted volumes only, and the size of your copy must be equal to or greater than the source volume.

Volume Clones creates crash-consistent copies of your volumes, exactly like snapshots. For application consistency, you need to pause application I/O operations before creating the copy. For example, with PostgreSQL databases, you can use the pg_start_backup() and pg_stop_backup() functions to pause writes and create a consistent copy. At the operating system level on Linux with XFS, you can use the xfs_freeze command to temporarily suspend and resume access to the file system and ensure all cached updates are written to disk.

Although Volume Clones creates point-in-time copies, it complements rather than replaces EBS snapshots for backup purposes. EBS snapshots remain the recommended solution for data backup and protection against AZ-level and volume failures. Snapshots provide incremental backups to Amazon S3 with 11 nines of durability, compared to Volume Clones which maintains EBS volume durability (99.999% for io2, 99.9% for other volume types). Consider using Volume Clones specifically for test and development environment scenarios where you need instant access to volume copies.

Copied volumes exist independently of their source volumes and continue to incur standard EBS volume charges until you delete them. To manage costs effectively, implement governance rules to identify and remove copied volumes that are no longer needed for your development or testing activities.

Pricing and availability
Volume Clones supports all EBS volume types and works with volumes in the same AWS account and Availability Zone. This new capability is available in all AWS commercial Regions, selected Local Zones, and in the AWS GovCloud (US).

For pricing, you’re charged a one-time fee per GiB of data on the source volume at initiation and standard EBS pricing for the new volume.

I find Volume Clones particularly valuable for database workloads and continuous integration (CI) scenarios. For instance, you can quickly create a copy of your production database for testing new features or troubleshooting issues without impacting your production environment or waiting for data to hydrate from Amazon S3.

To get started with Amazon EBS Volume Clones, visit the Amazon EBS section on the console or check out the EBS documentation. I look forward to hearing how you use this capability to improve your development workflows.

— seb

AWS

AWS Transfer Family SFTP connectors now support VPC-based connectivity

Leave a comment
This post was originally published on this site

Many organizations rely on the Secure File Transfer Protocol (SFTP) as the industry standard for exchanging critical business data. Traditionally, securely connecting to private SFTP servers required custom infrastructure, manual scripting, or exposing endpoints to the public internet.

Today, AWS Transfer Family SFTP connectors now support connectivity to remote SFTP servers through Amazon Virtual Private Cloud (Amazon VPC) environments. You can transfer files between Amazon Simple Storage Service (Amazon S3) and private or public SFTP servers while applying the security controls and network configurations already defined in your VPC. This capability helps you integrate data sources across on-premises environments, partner-hosted private servers, or internet-facing endpoints, with the operational simplicity of a fully managed Amazon Web Services (AWS) service.

New capabilities with SFTP connectors
The following are the key enhancements:

  • Connect to private SFTP servers – SFTP connectors can now reach endpoints that are only accessible within your AWS VPC connection. These include servers hosted in your VPC or a shared VPC, on-premises systems connected over AWS Direct Connect, and partner-hosted servers connected through VPN tunnels.
  • Security and compliance – All file transfers are routed through the security controls already applied in your VPC, such as AWS Network Firewall or centralized ingress and egress inspection. Private SFTP servers remain private and don’t need to be exposed to the internet. You can also present static Elastic IP or bring your own IP (BYOIP) addresses to meet partner allowlist requirements.
  • Performance and simplicity – By using your own network resources such as NAT gateways, AWS Direct Connect or VPN connections, connectors can take advantage of higher bandwidth capacity for large-scale transfers. You can configure connectors in minutes through the AWS Management Console,  AWS Command Line Interface (AWS CLI), or AWS SDKs without building custom scripts or third-party tools.

How VPC- based SFTP connections work
SFTP connectors use Amazon VPC Lattice resources to establish secure connectivity through your VPC. Key constructs include a resource configuration and a resource gateway. The resource configuration represents the target SFTP server, which you specify using a private IP address or public DNS name. The resource gateway provides SFTP connector access to these configurations, enabling file transfers to flow through your VPC and its security controls.

The following architecture diagram illustrates how traffic flows between Amazon S3 and remote SFTP servers. As shown in the architecture, traffic flows from Amazon S3 through the SFTP connector into your VPC. A resource gateway is the entry point that handles inbound connections from the connector to your VPC resources. Outbound traffic is routed through your configured egress path, using Amazon VPC NAT gateways with Elastic IPs for public servers or AWS Direct Connect and VPN connections for private servers. You can use existing IP addresses from your VPC CIDR range, simplifying partner server allowlists. Centralized firewalls in the VPC enforce security policies, and customer-owned NAT gateways provide higher bandwidth for large-scale transfers.

When to use this feature
With this capability, developers and IT administrators can simplify workflows while meeting security and compliance requirements across a range of scenarios:

  • Hybrid environments – Transfer files between Amazon S3 and on-premises SFTP servers using AWS Direct Connect or AWS Site-to-Site VPN, without exposing endpoints to the internet.
  • Partner integrations – Connect with business partners’ SFTP servers that are only accessible through private VPN tunnels or shared VPCs. This avoids building custom scripts or managing third-party tools, reducing operational complexity.
  • Regulated industries – Route file transfers through centralized firewalls and inspection points in VPCs to comply with financial services, government, or healthcare security requirements.
  • High-throughput transfers – Use your own network configurations such as NAT gateways, AWS Direct Connect, or VPN connections with Elastic IP or BYOIP to handle large-scale, high-bandwidth transfers while retaining IP addresses already on partner allowlists.
  • Unified file transfer solution – Standardize on Transfer Family for both internal and external SFTP connectivity, reducing fragmentation across file transfer tools.

Start building with SFTP connectors
To begin transferring files with SFTP connectors through my VPC environment, I follow these steps:

First, I configure my VPC Lattice resources. In the Amazon VPC console, under PrivateLink and Lattice in the navigation pane, I choose Resource gateways, choose Create resource gateway to create one to act as the ingress point into my VPC. Next, under PrivateLink and Lattice in the navigation pane, I choose Resource configuration and choose Create resource configuration to create a resource configuration for my target SFTP server. Specify the private IP address or public DNS name, and the port (typically 22).

Then, I configure AWS Identity and Access Management (IAM) permissions. I ensure that the IAM role used for connector creation has transfer:* permissions, and VPC Lattice permissions (vpc-lattice:CreateServiceNetworkResourceAssociation, vpc-lattice:GetResourceConfiguration, vpc-lattice:AssociateViaAWSService). I update the trust policy on the IAM role to specify transfer.amazonaws.com as a trusted principal. This enables AWS Transfer Family to assume the role when creating and managing my SFTP connectors.

After that, I create an SFTP connector through the AWS Transfer Family console. I choose SFTP Connectors and then choose Create SFTP connector. In the Connector configuration section, I select VPC Lattice as the egress type, then provide the Amazon Resource Name (ARN) of the Resource Configuration, Access role, and Connector credentials. Optionally, include a trusted host key for enhanced security, or override the default port if my SFTP server uses a nonstandard port.

Next, I test the connection. On the Actions menu, I choose Test connection to confirm that the connector can reach the target SFTP server.

Finally, after the connector status is ACTIVE, I can begin file operations with my remote SFTP server programmatically by calling Transfer Family APIs such as StartDirectoryListing, StartFileTransfer, StartRemoteDelete, or StartRemoteMove. All traffic is routed through my VPC using my configured resources such as NAT gateways, AWS Direct Connect, or VPN connections together with my IP addresses and security controls.

For the complete set of options and advanced workflows, refer to the AWS Transfer Family documentation.

Now available

SFTP connectors with VPC-based connectivity are now available in 21 AWS Regions. Check the AWS Services by Region for the latest supported AWS Regions. You can now securely connect AWS Transfer Family SFTP connectors to private, on-premises, or internet-facing servers using your own VPC resources such as NAT gateways, Elastic IPs, and network firewalls.

Betty

Security

Microsoft Patch Tuesday October 2025, (Tue, Oct 14th)

Leave a comment
This post was originally published on this site

I am experimenting today with a little bit of a cleaned-up patch overview. I removed vulnerabilities that affect Microsoft's cloud systems (but appreciate Microsoft listing them at all), as well as vulnerabilities in third-party software like open source libraries. This should leave us with Microsoft-specific on-premises vulnerabilities. This month, this leaves 157 different vulnerabilities. Eight of the vulnerabilities are rated critical.

This month, Microsoft is discontinuing support for a number of different products:

  • Windows 10
  • Office 2016
  • Exchange Server 2016
  • Office 2019
  • Exchange Server 2019

Office and Exchange users are directed towards cloud and subscription offerings. For Office, you still have Office 2024 available if you would rather "own" the product. For Exchange, the Exchange Server Subscription Edition is available as of July.

Windows 10 users will have the option to sign up for "Extended Security Updates" (ESU). It has been offered as a low-cost alternative to retain security updates, and in some countries, it is offered for free.

Description
CVE Disclosed Exploited Exploitability (old versions) current version Severity CVSS Base (AVG) CVSS Temporal (AVG)
.NET Elevation of Privilege Vulnerability
%%cve:2025-55247%% No No Important 7.3 6.4
.NET, .NET Framework, and Visual Studio Information Disclosure Vulnerability
%%cve:2025-55248%% No No Important 4.8 4.2
ASP.NET Security Feature Bypass Vulnerability
%%cve:2025-55315%% No No Important 9.9 8.6
Configuration Manager Elevation of Privilege Vulnerability
%%cve:2025-55320%% No No Important 6.7 5.8
%%cve:2025-59213%% No No Important 8.4 7.3
Copilot Spoofing Vulnerability
%%cve:2025-59272%% No No Critical 6.5 5.7
%%cve:2025-59286%% No No Critical 6.5 5.7
Data Sharing Service Spoofing Vulnerability
%%cve:2025-59200%% No No Important 7.7 6.7
Desktop Windows Manager Elevation of Privilege Vulnerability
%%cve:2025-55681%% No No Important 7.0 6.1
DirectX Graphics Kernel Denial of Service Vulnerability
%%cve:2025-55698%% No No Important 7.7 6.7
DirectX Graphics Kernel Elevation of Privilege Vulnerability
%%cve:2025-55678%% No No Important 7.0 6.1
Internet Information Services (IIS) Inbox COM Objects (Global Memory) Remote Code Execution Vulnerability
%%cve:2025-59282%% No No Important 7.0 6.1
JDBC Driver for SQL Server Spoofing Vulnerability
%%cve:2025-59250%% No No Important 8.1 7.1
M365 Copilot Spoofing Vulnerability
%%cve:2025-59252%% No No Critical 6.5 5.7
MITRE CVE-2025-54957: Integer overflow in Dolby Digital Plus audio decoder
%%cve:2025-54957%% No No Important 7.0 6.1
MITRE: CVE-2025-59489 Unity Gaming Engine Editor vulnerability
%%cve:2025-59489%% No No Important 8.4 8.4
Microsoft Brokering File System Elevation of Privilege Vulnerability
%%cve:2025-48004%% No No Important 7.4 6.4
%%cve:2025-59189%% No No Important 7.4 6.4
Microsoft DWM Core Library Elevation of Privilege Vulnerability
%%cve:2025-58722%% No No Important 7.8 6.8
%%cve:2025-59254%% No No Important 7.8 6.8
Microsoft Defender for Linux Denial of Service Vulnerability
%%cve:2025-59497%% No No Important 7.0 6.1
Microsoft Excel Information Disclosure Vulnerability
%%cve:2025-59235%% No No Important 7.1 6.2
%%cve:2025-59232%% No No Important 7.1 6.2
Microsoft Excel Remote Code Execution Vulnerability
%%cve:2025-59231%% No No Important 7.8 6.8
%%cve:2025-59233%% No No Important 7.8 6.8
%%cve:2025-59236%% No No Critical 8.4 7.3
%%cve:2025-59243%% No No Important 7.8 6.8
%%cve:2025-59223%% No No Important 7.8 6.8
%%cve:2025-59224%% No No Important 7.8 6.8
%%cve:2025-59225%% No No Important 7.8 6.8
Microsoft Exchange Server Elevation of Privilege Vulnerability
%%cve:2025-53782%% No No Important 8.4 7.3
%%cve:2025-59249%% No No Important 8.8 7.7
Microsoft Exchange Server Spoofing Vulnerability
%%cve:2025-59248%% No No Important 7.5 6.5
Microsoft Failover Cluster Information Disclosure Vulnerability
%%cve:2025-47979%% No No Important 5.5 4.8
%%cve:2025-59188%% No No Important 5.5 4.8
Microsoft Failover Cluster Virtual Driver Information Disclosure Vulnerability
%%cve:2025-59260%% No No Important 5.5 4.8
Microsoft Graphics Component Denial of Service Vulnerability
%%cve:2025-59195%% No No Important 7.0 6.1
Microsoft Graphics Component Elevation of Privilege Vulnerability
%%cve:2025-49708%% No No Critical 9.9 8.6
Microsoft Office Denial of Service Vulnerability
%%cve:2025-59229%% No No Important 5.5 4.8
Microsoft Office Remote Code Execution Vulnerability
%%cve:2025-59234%% No No Critical 7.8 6.8
%%cve:2025-59227%% No No Critical 7.8 6.8
Microsoft Office Visio Remote Code Execution Vulnerability
%%cve:2025-59226%% No No Important 7.8 6.8
Microsoft PowerPoint Remote Code Execution Vulnerability
%%cve:2025-59238%% No No Important 7.8 6.8
Microsoft SharePoint Remote Code Execution Vulnerability
%%cve:2025-59228%% No No Important 8.8 7.7
%%cve:2025-59237%% No No Important 8.8 7.7
Microsoft Windows File Explorer Spoofing Vulnerability
%%cve:2025-58739%% No No Important 6.5 5.7
%%cve:2025-59214%% No No Important 6.5 5.7
Microsoft Word Remote Code Execution Vulnerability
%%cve:2025-59221%% No No Important 7.0 6.1
%%cve:2025-59222%% No No Important 7.8 6.8
NTLM Hash Disclosure Spoofing Vulnerability
%%cve:2025-59185%% No No Important 6.5 5.7
%%cve:2025-59244%% No No Important 6.5 5.7
Network Connection Status Indicator (NCSI) Elevation of Privilege Vulnerability
%%cve:2025-59201%% No No Important 7.8 6.8
NtQueryInformation Token function (ntifs.h) Elevation of Privilege Vulnerability
%%cve:2025-55696%% No No Important 7.8 6.8
Playwright Spoofing Vulnerability
%%cve:2025-59288%% No No Moderate 5.3 4.9
PowerShell Elevation of Privilege Vulnerability
%%cve:2025-25004%% No No Important 7.3 6.4
Remote Desktop Client Remote Code Execution Vulnerability
%%cve:2025-58718%% No No Important 8.8 7.7
Remote Desktop Protocol Remote Code Execution Vulnerability
%%cve:2025-58737%% No No Important 7.0 6.1
Remote Procedure Call Denial of Service Vulnerability
%%cve:2025-59502%% No No Moderate 7.5 6.5
Software Protection Platform (SPP) Elevation of Privilege Vulnerability
%%cve:2025-59199%% No No Important 7.8 6.8
Storage Spaces Direct Information Disclosure Vulnerability
%%cve:2025-59184%% No No Important 5.5 4.8
Storport.sys Driver Elevation of Privilege Vulnerability
%%cve:2025-59192%% No No Important 7.8 6.8
Virtual Secure Mode Spoofing Vulnerability
%%cve:2025-48813%% No No Important 6.3 5.5
Visual Studio Elevation of Privilege Vulnerability
%%cve:2025-55240%% No No Important 7.3 6.4
Windows Active Directory Federation Services (ADFS) Information Disclosure Vulnerability
%%cve:2025-59258%% No No Important 6.2 5.4
Windows Agere Modem Driver Elevation of Privilege Vulnerability
%%cve:2025-24990%% No Yes Important 7.8 7.2
%%cve:2025-24052%% Yes No Important 7.8 7.0
Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability
%%cve:2025-59242%% No No Important 7.8 6.8
%%cve:2025-58714%% No No Important 7.8 6.8
Windows Authentication Elevation of Privilege Vulnerability
%%cve:2025-55701%% No No Important 7.8 6.8
%%cve:2025-59277%% No No Important 7.8 6.8
%%cve:2025-59275%% No No Important 7.8 6.8
%%cve:2025-59278%% No No Important 7.8 6.8
Windows BitLocker Security Feature Bypass Vulnerability
%%cve:2025-55333%% No No Important 6.1 5.3
%%cve:2025-55338%% No No Important 6.1 5.3
%%cve:2025-55330%% No No Important 6.1 5.3
%%cve:2025-55332%% No No Important 6.1 5.3
%%cve:2025-55337%% No No Important 6.1 5.3
%%cve:2025-55682%% No No Important 6.1 5.3
Windows Bluetooth Service Elevation of Privilege Vulnerability
%%cve:2025-58728%% No No Important 7.8 6.8
%%cve:2025-59290%% No No Important 7.8 6.8
%%cve:2025-59289%% No No Important 7.0 6.1
Windows COM+ Event System Service Elevation of Privilege Vulnerability
%%cve:2025-58725%% No No Important 7.0 6.1
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
%%cve:2025-55680%% No No Important 7.8 6.8
Windows Cloud Files Mini Filter Driver Information Disclosure Vulnerability
%%cve:2025-55336%% No No Important 5.5 4.8
Windows Connected Devices Platform Service (Cdpsvc) Remote Code Execution Vulnerability
%%cve:2025-55326%% No No Important 7.5 6.5
Windows Connected Devices Platform Service Elevation of Privilege Vulnerability
%%cve:2025-58719%% No No Important 4.7 4.1
%%cve:2025-58727%% No No Important 7.0 6.1
%%cve:2025-59191%% No No Important 7.8 6.8
Windows Cryptographic Services Information Disclosure Vulnerability
%%cve:2025-58720%% No No Important 7.8 6.8
Windows DWM Core Library Elevation of Privilege Vulnerability
%%cve:2025-59255%% No No Important 7.8 6.8
Windows Device Association Broker Service Elevation of Privilege Vulnerability
%%cve:2025-50174%% No No Important 7.0 6.1
%%cve:2025-55677%% No No Important 7.8 6.8
Windows Digital Media Elevation of Privilege Vulnerability
%%cve:2025-53150%% No No Important 7.8 6.8
%%cve:2025-50175%% No No Important 7.8 6.8
Windows ETL Channel Information Disclosure Vulnerability
%%cve:2025-59197%% No No Important 5.5 4.8
Windows Error Reporting Service Elevation of Privilege Vulnerability
%%cve:2025-55692%% No No Important 7.8 6.8
%%cve:2025-55694%% No No Important 7.8 6.8
Windows Graphics Component Elevation of Privilege Vulnerability
%%cve:2025-59205%% No No Important 7.0 6.1
%%cve:2025-59261%% No No Important 7.0 6.1
Windows Health and Optimized Experiences Elevation of Privilege Vulnerability
%%cve:2025-59241%% No No Important 7.8 6.8
Windows Hello Security Feature Bypass Vulnerability
%%cve:2025-53139%% No No Important 7.7 6.7
Windows Hyper-V Elevation of Privilege Vulnerability
%%cve:2025-55328%% No No Important 7.8 6.8
Windows Kernel Elevation of Privilege Vulnerability
%%cve:2025-59207%% No No Important 7.8 6.8
%%cve:2025-50152%% No No Important 7.8 6.8
%%cve:2025-55693%% No No Important 7.4 6.4
%%cve:2025-59187%% No No Important 7.8 6.8
%%cve:2025-59194%% No No Important 7.0 6.1
Windows Kernel Information Disclosure Vulnerability
%%cve:2025-59186%% No No Important 5.5 4.8
%%cve:2025-55679%% No No Important 5.1 4.5
%%cve:2025-55683%% No No Important 5.5 4.8
%%cve:2025-55699%% No No Important 5.5 4.8
Windows Kernel Security Feature Bypass Vulnerability
%%cve:2025-55334%% No No Important 6.2 5.4
Windows Local Session Manager (LSM) Denial of Service Vulnerability
%%cve:2025-59257%% No No Important 6.5 5.7
%%cve:2025-59259%% No No Important 6.5 5.7
%%cve:2025-58729%% No No Important 6.5 5.7
Windows Management Services Elevation of Privilege Vulnerability
%%cve:2025-59193%% No No Important 7.0 6.1
Windows Management Services Information Disclosure Vulnerability
%%cve:2025-59204%% No No Important 5.5 4.8
Windows MapUrlToZone Information Disclosure Vulnerability
%%cve:2025-59208%% No No Important 7.1 6.2
Windows NTFS Elevation of Privilege Vulnerability
%%cve:2025-55335%% No No Important 7.4 6.4
Windows NTLM Spoofing Vulnerability
%%cve:2025-59284%% No No Important 3.3 2.9
Windows Network Driver Interface Specification Driver Elevation of Privilege Vulnerability
%%cve:2025-55339%% No No Important 7.8 6.8
Windows PrintWorkflowUserSvc Elevation of Privilege Vulnerability
%%cve:2025-55685%% No No Important 7.0 6.1
%%cve:2025-55686%% No No Important 7.0 6.1
%%cve:2025-55689%% No No Important 7.0 6.1
%%cve:2025-55331%% No No Important 7.0 6.1
%%cve:2025-55684%% No No Important 7.0 6.1
%%cve:2025-55688%% No No Important 7.0 6.1
%%cve:2025-55690%% No No Important 7.0 6.1
%%cve:2025-55691%% No No Important 7.0 6.1
Windows Push Notification Information Disclosure Vulnerability
%%cve:2025-59211%% No No Important 5.5 4.8
%%cve:2025-59209%% No No Important 5.5 4.8
Windows Remote Access Connection Manager Elevation of Privilege Vulnerability
%%cve:2025-59230%% No Yes Important 7.8 7.2
Windows Remote Desktop Protocol Security Feature Bypass
%%cve:2025-55340%% No No Important 7.0 6.1
Windows Remote Desktop Services Elevation of Privilege Vulnerability
%%cve:2025-59202%% No No Important 7.0 6.1
Windows Resilient File System (ReFS) Deduplication Service Elevation of Privilege Vulnerability
%%cve:2025-59206%% No No Important 7.4 6.4
%%cve:2025-59210%% No No Important 7.4 6.4
Windows Resilient File System (ReFS) Elevation of Privilege Vulnerability
%%cve:2025-55687%% No No Important 7.4 6.4
Windows Routing and Remote Access Service (RRAS) Information Disclosure Vulnerability
%%cve:2025-55700%% No No Important 6.5 5.7
%%cve:2025-58717%% No No Important 6.5 5.7
Windows SMB Client Tampering Vulnerability
%%cve:2025-59280%% No No Important 3.1 2.7
Windows SMB Server Elevation of Privilege Vulnerability
%%cve:2025-58726%% No No Important 7.5 6.5
Windows Search Service Denial of Service Vulnerability
%%cve:2025-59190%% No No Important 5.5 4.8
%%cve:2025-59198%% No No Important 5.0 4.4
%%cve:2025-59253%% No No Important 5.5 4.8
Windows Server Update Service (WSUS) Remote Code Execution Vulnerability
%%cve:2025-59287%% No No Critical 9.8 8.5
Windows Simple Search and Discovery Protocol (SSDP) Service Elevation of Privilege Vulnerability
%%cve:2025-59196%% No No Important 7.0 6.1
Windows Speech Runtime Elevation of Privilege Vulnerability
%%cve:2025-58715%% No No Important 8.8 7.7
%%cve:2025-58716%% No No Important 8.8 7.7
Windows State Repository API Server File Information Disclosure Vulnerability
%%cve:2025-59203%% No No Important 5.5 4.8
Windows Storage Management Provider Information Disclosure Vulnerability
%%cve:2025-55325%% No No Important 5.5 4.8
Windows Taskbar Live Preview Information Disclosure Vulnerability
%%cve:2025-59294%% No No Important 2.1 1.9
Windows URL Parsing Remote Code Execution Vulnerability
%%cve:2025-59295%% No No Important 8.8 7.7
Windows USB Video Class System Driver Information Disclosure Vulnerability
%%cve:2025-55676%% No No Important 5.5 4.8
Windows Virtualization-Based Security (VBS) Enclave Elevation of Privilege Vulnerability
%%cve:2025-53717%% No No Important 7.0 6.1
Windows WLAN AutoConfig Service Information Disclosure Vulnerability
%%cve:2025-55695%% No No Important 5.5 4.8
Xbox Gaming Services Elevation of Privilege Vulnerability
%%cve:2025-59281%% No No Important 7.8 6.8
Xbox IStorageService Elevation of Privilege Vulnerability
%%cve:2025-53768%% No No Important 7.8 6.8


Johannes B. Ullrich, Ph.D. , Dean of Research, SANS.edu
Twitter|

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

Security

Heads Up: Scans for ESAFENET CDG V5 , (Mon, Oct 13th)

Leave a comment
This post was originally published on this site

In January, a possible XSS vulnerability was found in the electronic document security management system ESAFENET CDG. This was the latest (as far as I can tell) in a long list of vulnerabilities in the product. Prior vulnerabilities included SQL injection issues and weaknesses in the encryption used to safeguard documents. In other words: A typical "secure" document management system. The product appears to be targeting the Chinese market, and with a website all in Chinese, I doubt it is used much, if at all, outside China.

AWS

AWS Weekly Roundup: Amazon Quick Suite, Amazon EC2, Amazon EKS, and more (October 13, 2025)

Leave a comment
This post was originally published on this site

This week I was at the inaugural AWS AI in Practice meetup from the AWS User Group UK. AI-assisted software development and agents were the focus of the evening! Next week I’ll be in Italy for Codemotion (Milan) and an AWS User Group meetup (Rome). I am also excited to try the new Amazon Quick Suite that brings AI-powered research, business intelligence, and automation capabilities into a single workspace.

Last week’s launches
Here are the launches that got my attention this week:

Additional updates
Here are some additional projects, blog posts, and news items that I found interesting:

Upcoming AWS events
Check your calendars so that you can sign up for these upcoming events:

  • AWS AI Agent Global Hackathon – This is your chance to dive deep into our powerful generative AI stack and create something truly awesome. From September 8th to October 20th, you have the opportunity to create AI agents using AWS suite of AI services, competing for over $45,000 in prizes and exclusive go-to-market opportunities.
  • AWS Gen AI Lofts – You can learn AWS AI products and services with exclusive sessions, meet industry-leading experts, and have valuable networking opportunities with investors and peers. Register in your nearest city: Paris (October 7–21), London (Oct 13–21), and Tel Aviv (November 11–19).
  • AWS Community Days – Join community-led conferences that feature technical discussions, workshops, and hands-on labs led by expert AWS users and industry leaders from around the world: Budapest (October 16).

Join the AWS Builder Center to learn, build, and connect with builders in the AWS community. Browse here upcoming in-person events, developer-focused events, and events for startups.

That’s all for this week. Check back next Monday for another Weekly Roundup!

Danilo

AWS

Announcing Amazon Quick Suite: your agentic teammate for answering questions and taking action

Leave a comment
This post was originally published on this site

Today, we’re announcing Amazon Quick Suite, a new agentic teammate that quickly answers your questions at work and turns those insights into actions for you. Instead of switching between multiple applications to gather data, find important signals and trends, and complete manual tasks, Quick Suite brings AI-powered research, business intelligence, and automation capabilities into a single workspace. You can now analyze data through natural language queries, find critical information across enterprise and external sources in minutes, and automate processes from simple tasks to complex multi-department workflows.

Here’s a look into Quick Suite.

Business users often need to gather data across multiple applications—pulling customer details, checking performance metrics, reviewing internal product information, and performing competitive intelligence. This fragmented process often requires consultation with specialized teams to analyze advanced datasets, and in some cases, must be repeated regularly, reducing efficiency and leading to incomplete insights for decision-making.

Quick Suite helps you overcome these challenges by combining agentic teammates for research, business intelligence, and automation into a unified digital workspace for your day-to-day work.

Integrated capabilities that power productivity 
Quick Suite includes the following integrated capabilities:

  • Research – Quick Research accelerates complex research by combining enterprise knowledge, premium third-party data, and data from the internet for more comprehensive insights.
  • Business intelligence – Quick Sight provides AI-powered business intelligence capabilities that transform data into actionable insights through natural language queries and interactive visualizations, helping everyone make faster decisions and achieve better business outcomes.
  • Automation – Quick Flows and Quick Automate help users and technical teams to automate any business process from simple, routine tasks to complex multi-department workflows, enabling faster execution and reducing manual work across the organization.

Let’s dive into some of these key capabilities.

Quick Index: Your unified knowledge foundation
Quick Index creates a secure, searchable repository that consolidates documents, files, and application data to power AI-driven insights and responses across your organization.

As a foundational component of Quick Suite, Quick Index operates in the background to bring together all your data—from databases and data warehouses to documents and email. This creates a single, intelligent knowledge base that makes AI responses more accurate and reduces time spent searching for information.

Quick Index automatically indexes and prepares any uploaded files or unstructured data you add to your Quick Suite, enabling efficient searching, sorting, and data access. For example, when you search for a specific project update, Quick Index instantly returns results from uploaded documents, meeting notes, project files, and reference materials—all from one unified search instead of checking different repositories and file systems.

To learn more, visit the Quick Index overview page.

Quick Research: From complex business challenges to expert-level insights
Quick Research is a powerful agent that conducts comprehensive research across your enterprise data and external sources to deliver contextualized, actionable insights in minutes or hours — work that previously could take longer.

Quick Research systematically breaks down complex questions into organized research plans. Starting with a simple prompt, it automatically creates detailed research frameworks that outline the approach and data sources needed for comprehensive analysis.

After Quick Research creates the plan, you can easily refine it through natural language conversations. When you are happy with the plan, it works in the background to gather information from multiple sources, using advanced reasoning to validate findings and provide thorough analysis with citations.

Quick Research integrates with your enterprise data connected to Quick Suite, the unified knowledge foundation that connects to your dashboards, documents, databases, and external sources, including Amazon S3, Snowflake, Google Drive, and Microsoft SharePoint. Quick Research grounds key insights to original sources and reveals clear reasoning paths, helping you verify accuracy, understand the logic behind recommendations, and present findings with confidence. You can trace findings back to their original sources and validate conclusions through source citations. This makes it ideal for complex topics requiring in-depth analysis.

To learn more, visit the Quick Research overview page.

Quick Sight: AI-powered business intelligence
Quick Sight provides AI-powered business intelligence capabilities that transform data into actionable insights through natural language queries and interactive visualizations.

You can create dashboards and executive summaries using conversational prompts, reducing dashboard development time while making advanced analytics accessible without specialized skills.

Quick Sight helps you ask questions about your data in natural language and receive instant visualizations, executive summaries, and insights. This generative AI integration provides you with answers from your dashboards and datasets without requiring technical expertise.

Using the scenarios capability, you can perform what-if analysis in natural language with step-by-step guidance, exploring complex business scenarios and finding answers faster than before.

Additionally, you can respond to insights with one-click actions by creating tickets, sending alerts, updating records, or triggering automated workflows directly from your dashboards without switching applications.

To learn more, visit Quick Sight overview page.

Quick Flows: Automation for everyone
With Quick Flows, any user can automate repetitive tasks by describing their workflow using natural language without requiring any technical knowledge. Quick Flows fetches information from internal and external sources, takes action in business applications, generates content, and handles process-specific requirements.

Starting with straightforward business requirements, it creates a multi-step flow including input steps for gathering information, reasoning groups for AI-powered processing, and output steps for generating and presenting results.

After the flow is configured, you can share it with a single click to your coworkers and other teams. To execute the flow, users can open it from the library or invoke it from chat, provide the necessary inputs, and then chat with the agent to refine the outputs and further customize the results.

To learn more, visit the Quick Flows overview page.

Quick Automate: Enterprise-scale process automation
Quick Automate helps technical teams build and deploy sophisticated automation for complex, multistep processes that span departments, systems, and third-party integrations. Using AI-powered natural language processing, Quick Automate transforms complex business processes into multi-agent workflows that can be created merely by describing what you want to automate or uploading process documentation.

While Quick Flows handles straightforward workflows, Quick Automate is designed for comprehensive and complex business processes like customer onboarding, procurement automations, or compliance procedures that involve multiple approval steps, system integrations, and cross-departmental coordination. Quick Automate offers advanced orchestration capabilities with extensive monitoring, debugging, versioning, and deployment features.

Quick Automate then generates a comprehensive automation plan with detailed steps and actions. You will find a UI agent that understands natural language instructions to autonomously navigate websites, complete form inputs, extract data, and produces structured outputs for downstream automation steps.

Additionally, you can define a custom agent, complete with instructions, knowledge, and tools, to complete process-specific tasks using the visual building experience – no code required.

Quick Automate includes enterprise-grade features such as user role management and human-in-the-loop capabilities that route specific tasks to users or groups for review and approval before continuing workflows. The service provides comprehensive observability with real-time monitoring, success rate tracking, and audit trails for compliance and governance.

To learn more, visit the Quick Automate overview page.

Additional foundational capabilities
Quick Suite includes other foundational capabilities that deliver seamless data organization and contextual AI interactions across your enterprise.

Spaces – Spaces provide a straightforward way for every business user to add their own context by uploading files or connecting to specific datasets and repositories specific to their work or to a particular function. For example, you might create a space for quarterly planning that includes budget spreadsheets, market research reports, and strategic planning documents. Or you could set up a product launch space that connects to your project management system and customer feedback databases. Spaces can scale from personal use to enterprise-wide deployment while maintaining access permissions and seamless integration with Quick Suite capabilities.

Chat agents – Quick Suite includes insights agents that you can use to interact with your data and workflows through natural language. Quick Suite includes a built-in agent to answer questions across all of your data and custom chat agents that you can configure with specific expertise and business context. Custom chat agents can be tailored for particular departments or use cases—such as a sales agent connected to your product catalog data and pricing information stored in a space or a compliance agent configured with your regulatory requirements and actions to request approvals.

Additional things to know
If you’re an existing Amazon QuickSight customer – Amazon QuickSight customers will be upgraded to Quick Suite, a unified digital workspace that includes all your existing QuickSight business intelligence capabilities (now called “Quick Sight”) plus new agentic AI capabilities. This is an interface and capability change—your data connectivity, user access, content, security controls, user permissions, and privacy settings remain exactly the same. No data is moved, migrated, or changed.

Quick Suite offers per-user subscription-based pricing with consumption-based charges for the Quick Index and other optional features. You can find more detail on the Quick Suite pricing page.

Now available
Amazon Quick Suite gives you a set of agentic teammates that helps you get the answers you need using all your data and move instantly from answers to action so you can focus on high value activities that drive better business and customer outcomes.

Visit the getting started page to start using Amazon Quick Suite today.

Happy building
— Esra and Donnie

Security

[Guest Diary] Building Better Defenses: RedTail Observations from a Honeypot, (Thu, Oct 9th)

Leave a comment
This post was originally published on this site

[This is a Guest Diary by Jin Quan Low, an ISC intern as part of the SANS.edu Bachelor's Degree in Applied Cybersecurity (BACS) program [1].]

Ransomware [2] is often the first word that comes to mind when we think about cybercriminals chasing financial gain. It barges in, locks files, drops ransom notes, and causes immediate disruption.

Cryptojacking [3], on the other hand, acts like a quiet trespasser. It slips in unnoticed, makes itself at home, and hijacks computing resources in the background to mine cryptocurrency while the victim stays unaware. Because it rarely causes disruptions, cryptojacking does not get the same level of attention as ransomware. 

Over the past three months, my DShield honeypot captured repeated attempts to deploy RedTail, a cryptojacking malware first observed in early 2024 [4]. RedTail targets Monero cryptocurrency [5], typically gaining access through brute-forced SSH logins or exploiting vulnerabilities and deploying scripts to establish persistence and launch mining processes. The activity observed showed that compromises can extend beyond simple cryptomining, making RedTail a relevant case study for defenders.

Mapping Attacks to MITRE ATT&CK Tactics, Techniques and Procedures (TTPs)

Malware IOCs are very useful for quick detection, but they can be easily invalidated. Attackers only need to change part of their code, and those indicators lose all value. RedTail malware is no exception. Researchers had already detected different hashes of the same malware [6]. 

TTPs on the other hand rarely change and can be leveraged to detect similar threat behaviours. Hence, the observed attack involving RedTail malware will be mapped to the MITRE ATT&CK framework and how we can better defend ourselves. 

ATT&CK framework can be categorized into PRE-ATT&CK and ATT&CK (Refer to Figure 1).


Figure 1: PRE-ATT&CK & ATT&CK (MITRE ATT&CK framework)

 

The following attack sequence observed from my honeypot is mapped to this framework as an example.

PRE-ATT&CK

The early phases — reconnaissance and weaponization — may not always appear in logs, but later activity on the honeypot shows the existence of those phases (refer to Figure 2).

  • Reconnaissance: Attackers scan IP ranges to look for exposed services (T1595.001: Active Scanning – Scanning IP Block).
  • Weaponization: They develop or package their malware payloads (T1587.001: Develop Capabilities – Malware) and stage them for delivery (T1608.001: Stage Capabilities – Upload Malware).


Figure 2: PRE-ATT&CK phase showing reconnaissance and weaponization techniques observed

 

ATT&CK

ATT&CK phase entails the Deliver, Exploit, Control, Execute and Maintain stages.

The Deliver phase (refer to Figure 3) is mapped to the following stages:

  • Initial Access: In my honeypot, attackers attempted brute-force SSH logins and eventually succeeded using valid credentials (T1078.002: Valid Accounts – Local Account).
  • Execution: Once inside, attackers ran clean.sh and setup.sh to prepare the environment (T1059.004: Command and Scripting Interpreter – Unix Shell).
  • Persistence: Attackers implanted their own SSH keys to maintain access (T1098.004: Account Manipulation – SSH Authorized Keys). This allowed them to return at will, bypassing password controls.


Figure 3: Deliver phase highlighting brute-forced SSH access, script execution, and persistence methods)

 

The Exploit to Execute phase (refer to Figure 4) is mapped to the following stages:

  • Defense Evasion: Attackers deleted files to cover their tracks (T1070.004: Indicator Removal – File Deletion). 
  • Discovery: Attackers queried system information to confirm compatibility before deploying RedTail (T1082: System Information Discovery).


Figure 4: Exploit and Execute phase showing file deletion and system discovery activity

 

The Execute and Maintain phase (refer to Figure 5) is mapped to the following stages:

  • Command and Control: Outbound HTTPS traffic (Port 443) from infected systems to malicious mining pool servers [6]. This matches ATT&CK’s T1071.001: Application Layer Protocol – Web Protocols.
  • Impact: RedTail malware is known to hijack CPU cycles to mine cryptocurrency (T1496.001: Resource Hijacking – Compute Hijacking). While subtle, this creates financial and performance costs for victims.


Figure 5: Execute and Maintain stage including outbound pool traffic and cryptojacking impact

 

Unique Observations from Honeypot

While RedTail has been reported in multiple incidents, my honeypot logs revealed several noteworthy behaviors beyond generic cryptojacking activity:

  • Brute-forced SSH access: Attackers brute-forced SSH logins before deploying RedTail, showing that weak credentials remain an active entry vector.
  • Script-based setup: After gaining access, they uploaded and executed setup.sh to configure the miner. They also ran clean.sh to remove competing cryptomining processes, ensuring RedTail had exclusive use of system resources.
  • Persistence through SSH keys: Attackers implanted their own SSH keys into ~/.ssh/authorized_keys, allowing them to return without repeating brute-force attempts.
  • Defense evasion: Logs recorded file deletion commands, which indicated that attackers tried to cover their tracks after installation.

These observations show that RedTail campaigns extend beyond simple cryptomining. Attackers maintain persistence, remove competition, and conceal their activity — behaviors that defenders should use when building detection and response strategies.

Mitigation

Defending against RedTail and similar cryptojacking malware requires a two-stage approach: prevention and detection/response.

  1. Prevention (First Line of Defense)
    • Hardening Access
      • Use SSH key authentication and disable password logins.
      • Rate-limit SSH login attempts; enforce lockouts on repeated failures (fail2ban).
      • Disable root logins (PermitRootLogin no) and unnecessary services.
    • Patching and Updates
      • Apply security updates.
    • Network Controls
      • Restrict unnecessary inbound access.
      • Segment honeypots and exposed systems from production assets.
      • Block or sinkhole known mining pool connections.
         
  2. Detection & Response (Catching What Slips Through)
    • Visibility
      • Enable detailed SSH, process, and outbound network logging.
      • Monitor CPU, memory, and disk I/O for abnormal sustained spikes.
    • TTP-Based Detection
      • Watch for brute-force attempts and repeated failed logins.
      • Flag unauthorized entries in ~/.ssh/authorized_keys.
      • Detect creation of unusual systemd services.
      • Monitor encrypted outbound traffic to unknown/private pools.
    • Response Actions
      • Isolate compromised hosts immediately.
      • Remove attacker SSH keys and terminate mining processes.
      • Rebuild compromised systems from clean images.
    • Continuous Monitoring
      • Track for reinfection attempts.
      • Use honeypots (like DShield) to capture new TTPs and feed them into defenses.

Conclusion

The only way to detect threats is to look for them, and detection has little value without response. Protecting devices and networks remains challenging but achievable with layered defenses. As the world grows more connected and attackers getting craftier, defenders must improve too.

[1] https://www.sans.edu/cyber-security-programs/bachelors-degree/
[2] https://www.checkpoint.com/cyber-hub/threat-prevention/ransomware/
[3] https://www.malwarebytes.com/cryptojacking
[4] https://www.akamai.com/blog/security-research/2024-redtail-cryptominer-pan-os-cve-exploit
[5] https://www.forescout.com/blog/new-redtail-malware-exploited-via-php-security-vulnerability/
[6] https://isc.sans.edu/diary/30950
[7] https://www.virustotal.com/gui/file/89782d8142297907c9962eebdae29c28df86805a99f38a683ab55c8fa1596dd8/behavior

 


Jesse La Grew
Handler

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

AWS

New general-purpose Amazon EC2 M8a instances are now available

Leave a comment
This post was originally published on this site

Today, we’re announcing the availability of Amazon Elastic Compute Cloud (Amazon EC2) M8a instances, the latest addition to the general-purpose M instance family. These instances are powered by the 5th Generation AMD EPYC (codename Turin) processors with a maximum frequency of 4.5GHz. Customers can expect up to 30% higher performance and up to 19% better price performance compared to M7a instances. They also provide higher memory bandwidth, improved networking and storage throughput, and flexible configuration options for a broad set of general-purpose workloads.

Improvements in M8a
M8a instances deliver up to 30% better performance per vCPU compared to M7a instances, making them ideal for applications that require benefit from high performance and high throughput such as financial applications, gaming, rendering, application servers, simulation modeling, midsize data stores, application development environments, and caching fleets.

They provide 45% more memory bandwidth compared to M7a instances, accelerating in-memory databases, distributed caches, and real-time analytics.

For workloads with high I/O requirements, M8a instances provide up to 75 Gbps of networking bandwidth and 60 Gbps of Amazon Elastic Block Store (Amazon EBS) bandwidth, a 50% improvement over the previous generation. These enhancements support modern applications that rely on rapid data transfer and low-latency network communication.

Each vCPU on an M8a instance corresponds to a physical CPU core, meaning there is no simultaneous multithreading (SMT). In application benchmarks, M8a instances delivered up to 60% faster performance for GroovyJVM and up to 39% faster performance for Cassandra compared to M7a instances.

M8a instances support instance bandwidth configuration (IBC), which provides flexibility to allocate resources between networking and EBS bandwidth. This gives customers the flexibility to scale network or EBS bandwidth by up to 25% and improve database performance, query processing, and logging speeds.

M8a is available in ten virtualized sizes and two bare metal options (metal-24xl and metal-48xl), providing deployment choices that scale from small applications to large enterprise workloads. All of these improvements are built on the AWS Nitro System, which delivers low virtualization overhead, consistent performance, and advanced security across all instance sizes. These instances are built using the latest sixth generation AWS Nitro Cards, which offload and accelerate I/O for functions, increasing overall system performance.

M8a instances feature sizes of up to 192 vCPU with 768GiB RAM. Here are the detailed specs:

M8a vCPUs Memory (GiB) Network bandwidth (Gbps) EBS bandwidth (Gbps)
medium 1 4 Up to 12.5 Up to 10
large 2 8 Up to 12.5 Up to 10
xlarge 4 16 Up to 12.5 Up to 10
2xlarge 8 32 Up to 15 Up to 10
4xlarge 16 64 Up to 15 Up to 10
8xlarge 32 128 15 10
12xlarge 48 192 22.5 15
16xlarge 64 256 30 20
24xlarge 96 384 40 30
48xlarge 192 768 75 60
metal-24xl 96 384 40 30
metal-48xl 192 768 75 60

For a complete list of instance sizes and specifications, refer to the Amazon EC2 M8a instances page.

When to use M8a instances
M8a is a strong fit for general-purpose applications that need a balance of compute, memory, and networking. M8a instances are ideal for web and application hosting, microservices architectures, and databases where predictable performance and efficient scaling are important.

These instances are SAP certified and also well suited for enterprise workloads such as financial applications and enterprise resource planning (ERP) systems. They’re equally effective for in-memory caching and customer relationship management (CRM), in addition to development and test environments that require cost efficiency and flexibility. With this versatility, M8a supports a wide spectrum of workloads while helping customers improve price performance.

Now available
Amazon EC2 M8a instances are available today in US East (Ohio) US West (Oregon) and Europe (Spain) AWS Regions. M8a instances can be purchased as On-Demand, Savings Plans, and Spot Instances. M8a instances are also available on Dedicated Hosts. To learn more, visit the Amazon EC2 Pricing page.

To learn more, visit the Amazon EC2 M8a instances page and send feedback to AWS re:Post for EC2 or through your usual AWS support contacts.

Betty