Release Date: July 30, 2023
This week (TLDR, i.e. the 2-minute version):
AWS IAM Roles Anywhere released credential helper version 1.0.5, which adds support for X.509 certificates and private keys stored in the macOS and Windows certificate stores, without those keys ever leaving the stores, which can improve your security posture. On Windows, both CryptoAPI and Cryptography API: Next Generation (CNG) are supported; on macOS, Keychain is supported. Release note Link
Amazon EMR announced a new feature that enables user authentication to EMR on EC2 clusters using Lightweight Directory Access Protocol (LDAP) based credentials. With this launch, AD users are synced to the EMR on EC2 cluster automatically when LDAP authentication is enabled. This simplifies authentication to EMR clusters for administrators by eliminating the manual steps to sync users and/or implement application-specific LDAP configuration. Link
Amazon EMR Serverless now supports storing logs in Amazon CloudWatch. Link
AWS Glue Studio now supports Amazon CodeWhisperer. Link
AWS Health now supports delegated administrator. Link
AWS Lambda adds support for Python 3.11. Link
The AWS Database Encryption SDK for Amazon DynamoDB is now generally available. It is an upgrade to the existing Amazon DynamoDB Encryption Client and enables you to include client-side encryption in your DynamoDB workloads. Link
AWS announces Public IP Insights, a new feature of VPC IP Address Manager that makes it easier to monitor, analyze and audit the public IPv4 addresses used across AWS services in your AWS account. Link. This could be related to #9 below.
AWS is introducing a new charge for public IPv4 addresses. Effective February 1, 2024, there will be a charge of $0.005 per IP per hour for all public IPv4 addresses, whether attached to a service or not (there is already a charge for public IPv4 addresses you allocate in your account but don’t attach to an EC2 instance). Link. Corey Quinn has a nice blog on it: Link.
Amazon Route 53 adds support for 14 additional Top-Level Domains that you can now register with Route 53: .actor, .airforce, .bet, .degree, .games, .gives, .gmbh, .group, .press, .site, .space, .tech, .store, and .wine. Link
Also in the news:
Apple has released security updates to address zero-day vulnerabilities exploited in attacks targeting iPhones, Macs, and iPads. Link
CISA advisory on CVE-2023-35078 Ivanti Endpoint Manager Mobile Authentication Bypass Vulnerability. Link
Microsoft has released the optional KB5028244 Preview cumulative update for Windows 10 22H2 with 19 fixes or changes, including an update to the Vulnerable Driver Blocklist to block BYOVD attacks. Link
SEC Adopts Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies (Note: now requires companies to disclose cyberattacks in 4 days). Link
CVE-2023-38750. Zimbra patches zero-day vulnerability exploited in XSS attacks. Link
Top Announcements of the AWS Summit in New York, 2023. Link
Thank You for reading! If you enjoyed this newsletter, I’d be grateful if you could forward it to your professional circle.