Please accept my sincere apologies that Issue 2 was delayed. I had issues (pun intended) with the hosting platform. For regular updates, please follow me on X (previously Twitter).
This week (TL;DR, i.e. the 2-minute version):
AWS Lambda and Amazon EventBridge Pipes now support enhanced filtering. One useful use case: if you have a stream of recently uploaded document metadata, you can now filter on that metadata to only process messages referencing documents ending in ".pdf" or ".docx". Link
Amazon Aurora PostgreSQL supports Microsoft AD authentication in the AWS GovCloud (US) region. Support for Kerberos and Microsoft Active Directory provides the benefits of single sign-on and centralized authentication for database users of Amazon Aurora with PostgreSQL compatibility. Link
Amazon Managed Grafana now supports in-place update for version 9.4. Link
AWS WAF now supports a URI path aggregation key for rate-based rules. Customers can now track request rates for any URI path without the need for additional scope-down statements. For instance, customers can now simply create a rule to block users that initiate too many requests to any of the website's URI paths. Link
Amazon Route 53 Resolver is now available on AWS Outposts rack, providing on-premises services and applications with local DNS resolution directly from Outposts. Link
AWS PrivateLink announces integration with Amazon CloudWatch Contributor Insights. Link. You can use Contributor Insights rules to monitor and troubleshoot performance. For example, in the event of a rapid increase in traffic, you can enable a rule for the BytesProcessed metric to discover the customer endpoints sending the highest traffic volume. Similarly, you can enable rules to track endpoints with the highest number of active connections, new connections, and resets (RSTs).
Also in the news:
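For the Lambda enhanced filtering item above, here is an added example (not from AWS or this newsletter) of a suffix filter pattern in the shape Lambda's `FilterCriteria` expects, with a small local matcher to check which messages it would let through. It assumes an SQS event source whose JSON body carries the object name in a field called `key`; the matcher is a simplification that covers only exact-value and suffix matching.

```python
import json

# Keep only messages whose JSON body has a "key" ending in ".pdf" or ".docx".
# The field name "key" is an assumption for this example.
FILTER_PATTERN = {"body": {"key": [{"suffix": ".pdf"}, {"suffix": ".docx"}]}}

# Shape passed as FilterCriteria on a Lambda event source mapping.
FILTER_CRITERIA = {"Filters": [{"Pattern": json.dumps(FILTER_PATTERN)}]}


def _leaf_matches(value, alternatives):
    """A leaf is a list of alternatives; one match is enough (OR)."""
    for alt in alternatives:
        if isinstance(alt, dict) and "suffix" in alt:
            # Suffix comparison is case-sensitive.
            if isinstance(value, str) and value.endswith(alt["suffix"]):
                return True
        elif not isinstance(alt, dict) and value == alt:
            return True
    return False


def matches(pattern, record):
    """Local approximation: every field in the pattern must match (AND)."""
    for field, rule in pattern.items():
        if not isinstance(record, dict) or field not in record:
            return False
        value = record[field]
        if isinstance(rule, dict):
            if not matches(rule, value):
                return False
        elif not _leaf_matches(value, rule):
            return False
    return True


def sqs_record(key):
    # Constructed sample record with the JSON body already parsed.
    return {"body": {"key": key}}


# Constructed object names, including an upper-case and a double extension.
SAMPLES = ["reports/q2.pdf", "notes/draft.docx", "img/logo.png",
           "scan.PDF", "invoice.pdf.exe"]


def accepted_keys():
    return [k for k in SAMPLES if matches(FILTER_PATTERN, sqs_record(k))]


if __name__ == "__main__":
    print(accepted_keys())
```

The filter only reduces which messages invoke the function; a name ending in ".pdf" says nothing about the file's actual content, so the handler still needs to validate what it processes.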
CISA has developed and published a factsheet, Free Tools for Cloud Environments, to help businesses transitioning into a cloud environment identify proper tools and techniques necessary for the protection of critical assets and data security. CISA cloud security technical reference architecture - Link.
Great blog on why Cedar was created. Link
Microsoft Azure AD signing key: Storm-0558 techniques for unauthorized email access. Good blog by Wiz security. Link. On a welcome note, Microsoft has offered access to Microsoft's Purview Audit (Premium) logging feature free for all. Link
Secrets Revealed in Container Images: An Internet-wide Study on Occurrence and Impact. Link
JumpCloud breach by state-backed APT hacking group. Link
Microsoft enhances Windows 11 Phishing Protection with new features. Link
This week (long, i.e. the 5-10 minute version):
CISA factsheet on free tools for cloud environments. I tried them. Useful ones from an AWS perspective:
a. The Cyber Security Evaluation Tool (CSET) - GitHub Link. This requires Windows.
b. Decider - GitHub Link. This installs a containerized web endpoint on localhost. A UI guides you through the various tactics (the screenshot below is an example for initial access). For example, someone can get into an AWS cloud account with the phishing technique, especially if there is no MFA (details HERE).
c. PoC of Memory forensic on cloud from JPCERT/CC - Link. The system only supports memory forensics on Windows OS. Blog Link.
d. MITRE framework- Link
This week I finally played around with CloudWatch Synthetics canaries (Note: I forgot to delete the resource on time & added some CloudWatch cost). YouTube Link. Interesting to compare use cases against tools like OhDear for application uptime monitoring.
Trending:
AMD Zenbleed vulnerability CVE-2023-20593. Link. Per reports, GCP has patched it, but there has been no official response from the AWS security team yet. Cloud security researcher Scott Piper posted on LinkedIn and confirmed that AWS EC2 C5a and C5ad are vulnerable and that it might impact more or all AWS AMD instance types (not tested yet). It's not known if cross-tenant access is possible.
The very first AWS Firewall Security Activation Day was on July 18, 2023. You can check for future events HERE. I attended it. Extremely hands-on and helpful. Highly recommended.
fwd:cloudsec: "Evading Logging in the Cloud: Disrupting and Bypassing AWS CloudTrail" by security researcher Nick Frichette and more were uploaded to YouTube. Link.
Thank you for reading! If you enjoyed this newsletter, I’d be grateful if you could forward it to your professional circle.
Best,
AJ