Ten years ago, Amazon introduced the Kindle and established the appeal of reading on a digital device. Four years ago, Jeff Bezos and company rolled out the Echo, prompting millions of people to start talking to a computer.

Now Amazon.com Inc. is working on another big bet: robots for the home. The retail and cloud computing giant has embarked on an ambitious, top-secret plan to build a domestic robot, according to people familiar with the plans. Codenamed “Vesta,” after the Roman goddess of the hearth, home and family, the project is overseen by Gregg Zehr, who runs Amazon’s Lab126 hardware research and development division based in California. 

Security research firm Rhino Security Labs found a vulnerability in the Amazon Key in-home delivery service's security procedures that could allow either the courier or even a savvy and malicious bystander to enter your home undetected after the delivery is completed.

Amazon has promised to change how Key works in order to make it easier for you to tell when something unusual is happening in this event, but the changes proposed by Amazon don't necessarily resolve the vulnerability. Amazon Key is available to Amazon customers who have bought and installed Amazon's own Cloud Cam security camera and installed it at their front door. 

Money may not grow on trees, but apparently, it can grow in Amazon Web Services (AWS).

A report from the security intelligence group RedLock found at least two companies which had their AWS cloud services compromised by hackers who wanted nothing more than to use the computer power to mine the cryptocurrency bitcoin. The hackers ultimately got access to Amazon's cloud servers after discovering that their administration consoles weren't password protected. "Upon deeper analysis, the team discovered that hackers were executing a bitcoin mining command from one of the Kubernetes containers," reads the RedLock report. 

A security company has found an Amazon server that was stuffed with thousands of pieces of personal information about military types with little or no protection on it. The security company is called UpGuard, and it says that it found the collection of resumes and applications for a position at a place called TigerSwan.

TigerSwan told UpGuard that these resumes included some from people applying for top secret jobs, which makes their storing on an unsecured cloud-based server sound a bit odd. The UpGuard Cyber Risk Team can now disclose that a publicly accessible cloud-based data repository of resumes and applications for employment submitted for positions with TigerSwan.

Android phone maker Blu Products was dealt a blow when Amazon said it would no longer sell its phones, citing security and privacy issues. The phone maker came under scrutiny last week by researchers at Kryptowire during a Black Hat session where they criticized the company for collecting personal identifiable information without user consent.

“Because security and privacy of our customers is of the utmost importance, all Blu phone models have been made unavailable for purchase on Amazon.com until the issue is resolved,” Amazon said. Blu Product phones are Amazon’s top unlocked Android phone seller and known for their affordable prices.

A vulnerability in older Amazon Echo devices can be used to make the home assistant relay conversations to eavesdroppers while the owner remains none the wiser. Research by MWR InfoSecurity found it's possible to turn an Amazon Echo into a covert listening device without affecting its overall functionality.

One big limiting factor: the process does involve the attacker being able to gain access to the physical unit, but it's possible to tamper with the Echo without leaving any evidence. The vulnerability comes as a result of two design choices: exposed debug pads on the base of the device and a hardware configuration setting.

On May 24, Chris Vickery, a cyber risk analyst with the security firm UpGuard, discovered a publicly accessible data cache on Amazon Web Services' S3 storage service that contained highly classified intelligence data. The cache was posted to an account linked to defense and intelligence contractor Booz Allen Hamilton.

And the files within were connected to the US National Geospatial-Intelligence Agency (NGA), the US military's provider of battlefield satellite and drone surveillance imagery. Based on domain-registration data tied to the servers linked to the S3 "bucket," the data was apparently tied to Booz Allen and another contractor, Metronome.

Hackers have zeroed in on the growing number of third-party sellers on Amazon Marketplace, reportedly using stolen logins to swipe thousands of dollars from some merchants.

In recent weeks, hackers have ramped up their attacks by taking over dormant accounts and changing the bank account information. They'll then post nonexistent merchandise at bargain prices, make the sell and collect the cash. Buyers can get a refund, but the scam hits sellers hard, since they're on the hook for reimbursing customers who never received their merchandise. Hackers then likely used a method called "credential stuffing."

For decades, grocery stores have dreamed of fully automated technology that would allow them to dispense with cashiers altogether. But self-checkout systems introduced so far have been clunky and wound up just shifting a lot of work from store employees onto the customer.

Amazon introduced a new self-checkout technology that could totally transform the retail sector. Called “Amazon Go,” the technology literally allows people to walk into a store, select items they want to purchase, and walk out. There’s no checkout process at all. Amazon is opening an 1,800-square-foot convenience store in Seattle to test out the technology. 

Malicious advertisements have popped up on websites such as YouTube, Amazon and Yahoo, part of a sophisticated campaign to spread malware, Cisco said Monday.

When encountered, the malicious advertisements cause a person to be redirected to a different website, which triggers a download based on whether the computer is running Windows or Apple’s OS X, wrote Armin Pelkmann, a threat researcher. The network has been nicknamed Kyle and Stan due to those names appearing in subdomains of more than 700 websites the attackers have set up to distribute the malware, Pelkmann wrote.