This issue is sponsored by Invary. Check out Invary's ability to detect hidden rootkits, a task that modern threat detection solutions fail in action » HERE.

This week TLDR i.e. 2 minutes version (For executives):

1. Amazon EC2) M2 Pro Mac instances are now generally available.

2. IAM Roles Anywhere credential helper now supports PKCS #11 modules (including YubiKey).

3. Amazon SNS message data protection can now de-identify outbound messages via redaction or masking.

4. Amazon Connect launches CloudFormation support for security profiles.

5. IAM Roles Anywhere is now available in the AWS GovCloud (US) Regions.

Trending in Cloud & Cyber Security (News, Blogs, Tweets etc):

1. Cloud security historian @ScottPiper added Wyze security camera’s incident where a user was seeing someone else's webcam feed (posted on Reddit) to the security incidents related to caching issues list HERE.

   

2. Rhino Security Labs added a new CloudGoat Scenario: IAM Privesc By Key Rotation. Check out the Git page HERE.

3. CNAPPgoat- Ermetic’s open source vulnerable-by-design tool for enhancing your security skills launched the first batch of scenarios relevant to Google Cloud Platform. Link.

4. AWS’s YouTube series: Clarke Rodgers, Director of AWS Enterprise Strategy sits down with Darren Kane, Chief Security Officer at Australia's National Broadband Network to discuss the difference between the CISO and CSO roles and why it may be time for security leaders to “drop the I.” Link.

5. Interesting blog by Mandiant- “Why Are You Texting Me? UNC3944 Leverages SMS Phishing Campaigns for SIM Swapping, Ransomware, Extortion, and Notoriety”. Link.

6. Wiz research posted that it found a data exposure incident on Microsoft’s AI GitHub repository, including over 30,000 internal Microsoft Teams messages – all caused by one misconfigured SAS token. Blog.

7. CISA Adds Eight Known Exploited Vulnerabilities to Catalog. Link.

8. GitLab released versions 16.3.4 and 16.2.7 for GitLab Community Edition (CE) and Enterprise Edition (EE) which contain important security fixes and strongly recommended that all GitLab installations be upgraded to one of these versions immediately. Link.

9. TrendMicro- Critical security bulletin: 3rd Party AV Uninstaller Module for Trend Micro Apex One and Worry-Free Business Security Arbitrary Code Execution Vulnerability. Link.

10. Signal announced the first step in advancing quantum resistance for the Signal Protocol: an upgrade to the X3DH specification called PQXDH. Link.

11. The Verge reported that T-Mobile users say other people’s account information is appearing in their app. Link.

12. GitHub Passkeys are generally available. Link.

13. Apple released new security updates. Recommended to patch your devices ASAP. Link.

This week Long i.e. 5-10 minutes version (For architects & engineers):

1. AWS IAM Roles Anywhere credential helper has expanded its capabilities by now accommodating PKCS #11 modules. In version 1.1.0 of the credential helper, there is added support for X.509 certificates and private keys that are securely stored in security modules compatible with the Public-Key Cryptography Standards (PKCS) #11. The IAM Roles Anywhere credential helper is a utility designed to streamline the process of signing the CreateSession API using the private key linked to an X.509 end-entity certificate. It then proceeds to call the endpoint for obtaining temporary AWS credentials. With this latest release, you can utilize the credential helper to delegate the signing operations to keys kept within PKCS #11 compatible security modules. Notably, these keys remain within their respective secure stores throughout the process, contributing to an enhancement in your overall security posture. Link. To learn more about how to delegate signing operations to PKCS #11 modules such as YubiKeys check the blog. Link.

2. Amazon SNS message data protection can now de-identify outbound messages via redaction or masking. Link. The blog explains it well. Link. This is especially a helpful release for industry that require strict compliance & security (for example, the healthcare industry).

3. Amazon Connect has introduced support for AWS CloudFormation integration with security profiles. This enhancement enables you to employ AWS CloudFormation templates for deploying Amazon Connect security profiles, seamlessly integrating them with your overall AWS infrastructure in a secure, streamlined, and reproducible manner. This capability empowers you to enforce uniform security policies across various instances. CloudFormation facilitates the tracking of alterations over time, the application of controlled and automated updates, and offers version control to simplify the process of reverting changes when necessary. Link.

4. IAM Roles Anywhere is now available in the AWS GovCloud (US) Regions. Link. IAM Roles Anywhere empowers your workloads, including servers, containers, and applications, to acquire temporary AWS credentials through X.509 digital certificates. By leveraging IAM Roles Anywhere, you gain the advantage of employing temporary credentials instead of long-lasting ones, thereby enhancing your overall security stance. This approach not only bolsters security but also lowers support expenses and simplifies operational intricacies by enabling uniform access controls, deployment pipelines, and testing procedures across all your workloads.

Security Jobs (Occasional post):

1. Oracle. Principal Cloud Security Engineer. Remote. US. Link.

2. Hinge Health. AWS Lead Security Engineer (Remote). US. Link.

3. Robinhood. Staff Security Engineer, Detection and Response. Washington, DC (On-site). Link.

4. Warner Bros. Discovery. Sterling, VA (Hybrid). Link.

Thank You for reading! If you enjoyed this newsletter, I’d be grateful if you could forward it to your professional circle.

Best,

AJ

Find me in LinkedIn & X (Previously Twitter)