This week TLDR i.e. 1 minutes version (For executives):

1. Amazon Inspector now supports CIS Benchmark assessments for operating systems in EC2 instances.

2. AWS Payment Cryptography launches additional options for importing and exporting keys.

3. AWS Private CA now supports revocation for Matter certificates.

Trending in Cloud & Cyber Security (News, Blogs, Tweets etc):

1. AWS Security Blogs & Bulletins:

   • Integrating the AWS Lambda Telemetry API with Prometheus and OpenSearch. Link.

   • How to build a unified authorization layer for identity providers with Amazon Verified Permissions. Link.

   • AWS re:Invent 2023: Security, identity, and compliance recap. Link.

2. Article - ‘Awesome AWS Services that arnt in the console pt1’ by Ryan Pothecary. Link.

3. Blog - ‘boto3 Sessions, and Why You Should Use Them’ by Ben Kehoe. Link.

4. Apple’s iOS 17.3 introduces Stolen Device Protection to iPhones. Link.

5. SEC confirms that the X hack was SIM SWAP attack. Link.

6. CloudFlare interesting read- ‘How Cloudflare’s AI WAF proactively detected the Ivanti Connect Secure critical zero-day vulnerability’. Link.

7. Sydig’s 2023 Global Cloud Report. Link. (You can download the detailed report).

8. CISA new known Exploited Vulnerability on Confluence Data Center and Server. Link.

This week Long i.e. 5 minutes version (For architects & engineers):

1. Amazon Inspector has expanded its compatibility to include Center of Internet Security (CIS) Benchmark evaluations for operating systems on EC2 instances. The CIS Security Benchmarks program offers clear, impartial, consensus-driven industry best practices, aiding organizations in evaluating and enhancing their security measures. AWS holds membership in the CIS Security Benchmarks program. Link. (Note: The supported OS list can be found HERE). For example, I triggered a on-demand one time CIS benchmark LEVEL_2 scan on my test account. (Note: All screenshots or examples in the newsletter are from a non-production test lab environment).

   

2. AWS Payment Cryptography has introduced support for RSA Wrap and IPEK generation, offering customers seeking alternative options for transferring cryptographic keys into or out of the service. These enhancements provide additional flexibility for key exchange, complementing the existing support for industry standards like TR-34 and TR-31/X9.143. With AWS Payment Cryptography, you can streamline cryptography operations within your cloud-hosted payment applications. The service scales dynamically with your business and has been evaluated for compliance with PCI PIN Security requirements. Link. Note, the import is supported only via AWS CLI (API). Here’s my sample command:

   

3. AWS Private Certificate Authority (AWS Private CA) has expanded its capabilities to include revocation support for Matter certificates. Matter, an industry standard for smart home devices, ensures seamless and secure cross-vendor connectivity for various devices such as light bulbs, door locks, and media devices. AWS Private CA enables the issuance of digital certificates for identifying Matter devices. Matter 1.2 introduced revocation support for device attestation certificates (DACs) to enhance the security of the smart home standard. With the newly added revocation support in AWS Private CA, you can uphold Matter standard compliance without causing any disruption to your existing Matter certificate authorities (CAs). Link. Note: The revoke can be performed using AWS CLI only. Here’s my sample command:

   

Best,

AJ (Find me in LinkedIn & X & Mastodon). Email: contact@aws-cloudsec.com

Want to buy me a coffee? You can do it »HERE«