This week's TL;DR, i.e. the 1-minute version (for executives):
Amazon VPC Route Server announces logging enhancements.
AWS Site-to-Site VPN introduces three new capabilities for enhanced security.
AWS KMS launches on-demand key rotation for imported keys.
AWS Network Firewall launches new monitoring dashboard.
Announcing ASN match support for AWS WAF.
Trending in Cloud & Cyber Security:
AWS Security Blogs & Bulletins:
Bulletin: CVE-2025-5688 - Out of Bounds Write in FreeRTOS-Plus-TCP. Link.
Building secure foundations: A guide to network and infrastructure security at AWS re:Inforce 2025. Link.
Implementing just-in-time privileged access to AWS with Microsoft Entra and AWS IAM Identity Center. Link.
How to use on-demand rotation for AWS KMS imported keys. Link.
General security blogs, articles, reports & trending news/advisories:
Bruteforcing the phone number of any Google user. Link.
Newly identified wiper malware “PathWiper” targets critical infrastructure in Ukraine by Jacob Finn, Dmytro Korzhevin, Asheer Malhotra. Link.
Follow the Smoke | China-nexus Threat Actors Hammer At the Doors of Top Tier Targets. Link.
Official Root Cause Analysis (RCA) for SentinelOne Global Service Interruption. Link.
BladedFeline: Whispering in the dark. Link.
Lumma Infostealer – Down but Not Out? Link.
Malicious Ruby Gems Exfiltrate Telegram Tokens and Messages Following Vietnam Ban by Kirill Boychenko. Link.
AMOS Variant Distributed Via Clickfix In Spectrum-Themed Dynamic Delivery Campaign By Russian Speaking Hackers by Koushik Pal. Link.
Orca 2025 State of Cloud Security Report: Cloud Risks Surge Amid Expanding AI Adoption. Link.
FBI Advisory: Alert Number: I-060325-PSA on NFT Airdrop Defrauding Techniques. Link.
The Cost of a Call: From Voice Phishing to Data Extortion. Link.
Cyber criminals bribed and recruited a group of rogue overseas support agents to steal Coinbase customer data. Link.
Victoria’s Secret & Co. Security Incident Involving Information Technology Systems. Link.
Microsoft & CrowdStrike partner on threat actor naming. Link.
This week's long version, i.e. the 3-5 minute read (for architects & engineers):
Amazon VPC Route Server has added new network metrics to monitor BGP and BFD sessions, troubleshoot connectivity, and view network health in real time. This update enables faster, independent diagnosis of network issues, with flexible log delivery to CloudWatch, S3, and more. Link. For example, here are my log delivery options:
AWS Site-to-Site VPN is introducing three new features: (a) Secrets Manager integration, which hides pre-shared keys in API responses; (b) a new API that tracks VPN encryption details; and (c) a "recommended" configuration option that promotes best-practice security settings. Link. CLI references HERE, and here are my configs:
AWS Key Management Service (KMS) now supports on-demand rotation of symmetric encryption keys with imported key material (BYOK), enabling periodic key rotation without changing the key identifier. Link. Well explained in THIS blog. For example, here is my on-demand rotation option and remaining rotation counts:
AWS Network Firewall launched a new monitoring dashboard, providing enhanced visibility into network traffic patterns and activities for better management and troubleshooting. The dashboard offers insights into:
top traffic flows, TLS Server Name Indication (SNI), HTTP Host headers, long-lived TCP flows and failed TCP handshakes. Link. For example, here is my config:
AWS WAF has added support for matching incoming requests against Autonomous System Numbers (ASNs), allowing you to mitigate risks from malicious actors, comply with regulatory requirements, and optimize web application performance and availability. The new ASN Match Statement integrates with existing WAF rules. Link. For example, here's my config:
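As an added illustration (not one of my configs and not taken from the AWS announcement), this is what a rule using the ASN match statement looks like in the rule JSON that the wafv2 APIs accept. The ASN 64496 is a documentation placeholder (reserved by RFC 5398), and the field names AsnMatchStatement and AsnList follow my understanding of the WAFv2 API.

```json
{
  "Name": "block-untrusted-asn",
  "Priority": 0,
  "Statement": {
    "AsnMatchStatement": {
      "AsnList": [64496]
    }
  },
  "Action": { "Block": {} },
  "VisibilityConfig": {
    "SampledRequestsEnabled": true,
    "CloudWatchMetricsEnabled": true,
    "MetricName": "block-untrusted-asn"
  }
}
```

Deploying the rule first with "Count" instead of "Block" lets the CloudWatch metric and sampled requests show what traffic the ASN actually covers before anything is denied.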