This issue is sponsored by Invary. Check out Invary's ability to detect hidden rootkits, a task at which modern threat detection solutions fail. See it in action » HERE.
This week's TL;DR, i.e. the 1-minute version (for executives):
Amazon RDS for MariaDB now supports minor versions 10.11.7, 10.6.17, 10.5.24 and 10.4.33.
Amazon Security Lake now supports audit logs from Amazon EKS.
Amazon EKS announces support for Amazon Linux 2023.
AWS WAF enhances rate-based rules to support configurable time windows.
Amazon WorkSpaces now supports WebAuthn for in-session authentication.
AWS Backup now supports restore testing for Amazon Aurora continuous backups.
Trending in Cloud & Cyber Security (security blogs, articles, news, advisories, etc.):
AWS Security Blogs & Bulletins:
Modern web application authentication and authorization with Amazon VPC Lattice. Link.
Enable multi-admin support to manage security policies at scale with AWS Firewall Manager. Link.
How to use Regional AWS STS endpoints. Link.
Enhance container software supply chain visibility through SBOM export with Amazon Inspector and QuickSight. Link.
Introducing the AWS WAF traffic overview dashboard. Link.
General security blogs, articles & reports:
Hacking Terraform State for Privilege Escalation by Daniel Grzelak. Link.
Proof of storage crypto miners by Scott Piper. Link.
When AWS invariants aren't [invariant] by Aidan Steele. Link.
The state of ABAC on AWS (in 2024) by Rami McCarthy. Link.
Navigating the Cloud: Exploring Lateral Movement Techniques by Eden Elazar from Unit42. Link.
2024 State of Cloud Security Report by Orca Security. Link.
Trending on the news & advisories:
UnitedHealth Group (Optum) confirmed a cybersecurity incident perpetrated by the cybercrime threat actor ALPHV/BlackCat. Link.
Kali Linux 2024.1 Released (Micro Mirror). Link.
FACT SHEET: President Biden Issues Executive Order to Protect Americans’ Sensitive Personal Data. Link.
Cloud CISO Perspectives: Building better cyber defenses with AI. Link.
CISA, FBI, and MS-ISAC Release Advisory on Phobos Ransomware. Link.
How SVR-Attributed Actors are Adapting to the Move of Government and Corporations to Cloud Infrastructure. Link.
GitHub push protection now enabled by default. Link.
This week's long version, i.e. 3-5 minutes (for architects & engineers):
Amazon Relational Database Service (Amazon RDS) for MariaDB now supports MariaDB minor versions 10.11.7, 10.6.17, 10.5.24 and 10.4.33. Upgrade to the latest minor release of your series: each of these releases fixes security vulnerabilities present in earlier MariaDB releases, and you also pick up the bug fixes, performance improvements and new features contributed by the MariaDB community. A minor version upgrade restarts the instance, so schedule it in a maintenance window or enable auto minor version upgrade and let RDS apply it there. Link. Here are the engine version options in my RDS console:
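One way to turn the "upgrade to the latest minor" advice into a check, as an added example that is not the newsletter's or AWS's code: it compares every MariaDB instance against the newest patch release available for its major.minor series and also reports whether auto minor version upgrade is on. The instance list and available-version list are constructed to mirror the shapes returned by boto3 `describe_db_instances` and `describe_db_engine_versions`; `live_check()` shows the same logic against a real account and is the only part that needs boto3 and credentials.

```python
"""Flag RDS for MariaDB instances that lag the newest available minor of their series.

Added example (not from the newsletter). SAMPLE_* below are constructed to look like
the shapes returned by boto3 rds.describe_db_instances() and
rds.describe_db_engine_versions(); live_check() runs the same logic for real.
"""


def parse_version(version):
    """'10.6.17' -> (10, 6, 17) so versions compare numerically ('10.11' > '10.6')."""
    return tuple(int(part) for part in version.split("."))


def latest_minor_per_series(available):
    """Map each major.minor series ('10.6') to the newest available patch version."""
    newest = {}
    for ver in available:
        series = ".".join(ver.split(".")[:2])
        if series not in newest or parse_version(ver) > parse_version(newest[series]):
            newest[series] = ver
    return newest


def outdated_instances(instances, available):
    """Return (identifier, current, target, auto_minor_upgrade) for every MariaDB
    instance that is not on the newest patch release of its major.minor series.
    A series RDS no longer offers is reported as 'series-unsupported' (needs a
    major upgrade plan rather than a patch)."""
    newest = latest_minor_per_series(available)
    findings = []
    for inst in instances:
        if inst["Engine"] != "mariadb":
            continue
        current = inst["EngineVersion"]
        series = ".".join(current.split(".")[:2])
        target = newest.get(series)
        auto = inst["AutoMinorVersionUpgrade"]
        if target is None:
            findings.append((inst["DBInstanceIdentifier"], current, "series-unsupported", auto))
        elif parse_version(current) < parse_version(target):
            findings.append((inst["DBInstanceIdentifier"], current, target, auto))
    return findings


# Constructed sample data, not a real account.
SAMPLE_AVAILABLE = ["10.4.31", "10.4.33", "10.5.24", "10.6.14", "10.6.17", "10.11.6", "10.11.7"]
SAMPLE_INSTANCES = [
    {"DBInstanceIdentifier": "orders-db", "Engine": "mariadb", "EngineVersion": "10.6.14", "AutoMinorVersionUpgrade": False},
    {"DBInstanceIdentifier": "reports-db", "Engine": "mariadb", "EngineVersion": "10.11.7", "AutoMinorVersionUpgrade": True},
    {"DBInstanceIdentifier": "legacy-db", "Engine": "mariadb", "EngineVersion": "10.3.39", "AutoMinorVersionUpgrade": False},
    {"DBInstanceIdentifier": "app-pg", "Engine": "postgres", "EngineVersion": "15.5", "AutoMinorVersionUpgrade": True},
]


def live_check(region="us-east-1"):
    """Same check against a real account; needs boto3 and credentials (not run offline)."""
    import boto3  # imported here so the offline sample works without boto3 installed
    rds = boto3.client("rds", region_name=region)
    available = [v["EngineVersion"]
                 for page in rds.get_paginator("describe_db_engine_versions").paginate(Engine="mariadb")
                 for v in page["DBEngineVersions"]]
    instances = [i for page in rds.get_paginator("describe_db_instances").paginate()
                 for i in page["DBInstances"]]
    return outdated_instances(instances, available)


if __name__ == "__main__":
    for ident, current, target, auto in outdated_instances(SAMPLE_INSTANCES, SAMPLE_AVAILABLE):
        print(f"{ident}: {current} -> {target} (AutoMinorVersionUpgrade={auto})")
```

On the sample data this reports orders-db (10.6.14, target 10.6.17, auto upgrade off) and legacy-db (10.3.39, series no longer offered); reports-db is current and the PostgreSQL instance is skipped. Versions are compared as integer tuples on purpose: a string comparison would rank 10.6.17 above 10.11.7.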
AWS extended Amazon Security Lake's log coverage to Amazon Elastic Kubernetes Service (Amazon EKS) audit logs. Security Lake now automatically centralizes EKS audit logs and normalizes them into its OCSF schema alongside your other sources, which simplifies monitoring and investigating suspicious activity in your EKS clusters from one place. Link.
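To show what "suspicious activity" in EKS audit logs looks like in practice, here is an added example (not code from the newsletter or from AWS) that triages raw Kubernetes audit events for four high-signal patterns: exec/attach into a pod, secret reads by non-system identities, a ClusterRoleBinding granting cluster-admin, and anonymous probing. It works on the kube-apiserver `audit.k8s.io/v1` Event JSON that the EKS control plane emits; Security Lake stores the same events normalized to OCSF, so field names differ if you query them there. The log lines are constructed, not captured from a real cluster.

```python
"""Triage Kubernetes audit events for a few high-signal patterns.

Added example, not from the newsletter or AWS. Input is raw kube-apiserver
audit.k8s.io/v1 Event JSON, one event per line; SAMPLE_AUDIT is constructed.
"""
import json

# Every request is logged at RequestReceived and again at ResponseComplete; only the
# latter carries the response code, and counting both would double every finding.
FINAL_STAGE = "ResponseComplete"


def classify(event):
    """Return a list of (severity, reason) tags for one audit event, or [] if benign."""
    if event.get("stage") != FINAL_STAGE:
        return []
    user = event.get("user", {}).get("username", "")
    obj = event.get("objectRef", {})
    code = event.get("responseStatus", {}).get("code", 0)
    verb = event.get("verb")
    ok = 200 <= code < 300
    tags = []

    # 1. Interactive shell into a container (create on pods/exec or pods/attach).
    #    exec returns 101 Switching Protocols, so the status code is not checked here.
    if obj.get("resource") == "pods" and obj.get("subresource") in ("exec", "attach") and verb == "create":
        tags.append(("high", f"{user} exec/attach into {obj.get('namespace')}/{obj.get('name')}"))

    # 2. Successful secret reads by anything other than system:* components.
    if obj.get("resource") == "secrets" and verb in ("get", "list", "watch") and ok and not user.startswith("system:"):
        tags.append(("medium", f"{user} read secrets in {obj.get('namespace')}"))

    # 3. Cluster-admin escalation. requestObject is only present when the audit policy
    #    logs RBAC objects at RequestResponse level (assumed here).
    if obj.get("resource") == "clusterrolebindings" and verb == "create" and ok:
        if event.get("requestObject", {}).get("roleRef", {}).get("name") == "cluster-admin":
            tags.append(("high", f"{user} bound cluster-admin via {obj.get('name')}"))

    # 4. Unauthenticated probing: anonymous requests being refused by the API server.
    if user == "system:anonymous" and code in (401, 403):
        tags.append(("low", f"anonymous request to {event.get('requestURI')} from {event.get('sourceIPs')}"))
    return tags


def scan(lines):
    """Parse newline-delimited audit JSON and return [(auditID, severity, reason), ...]."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event = json.loads(line)
        for severity, reason in classify(event):
            findings.append((event.get("auditID"), severity, reason))
    return findings


# Constructed events: a1 appears twice (both stages) and must be counted once.
SAMPLE_AUDIT = """
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a1","stage":"RequestReceived","verb":"create","user":{"username":"dev@example.com"},"objectRef":{"resource":"pods","namespace":"prod","name":"api-7d9f","subresource":"exec"},"requestURI":"/api/v1/namespaces/prod/pods/api-7d9f/exec"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a1","stage":"ResponseComplete","verb":"create","user":{"username":"dev@example.com"},"objectRef":{"resource":"pods","namespace":"prod","name":"api-7d9f","subresource":"exec"},"requestURI":"/api/v1/namespaces/prod/pods/api-7d9f/exec","responseStatus":{"code":101}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a2","stage":"ResponseComplete","verb":"list","user":{"username":"ci-bot"},"objectRef":{"resource":"secrets","namespace":"kube-system"},"requestURI":"/api/v1/namespaces/kube-system/secrets","responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a3","stage":"ResponseComplete","verb":"get","user":{"username":"system:kube-controller-manager"},"objectRef":{"resource":"secrets","namespace":"kube-system","name":"bootstrap-token"},"responseStatus":{"code":200}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a4","stage":"ResponseComplete","verb":"create","user":{"username":"dev@example.com"},"objectRef":{"resource":"clusterrolebindings","name":"oops-admin"},"requestObject":{"roleRef":{"kind":"ClusterRole","name":"cluster-admin"}},"responseStatus":{"code":201}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a5","stage":"ResponseComplete","verb":"get","user":{"username":"system:anonymous"},"sourceIPs":["203.0.113.9"],"requestURI":"/api/v1/secrets","responseStatus":{"code":403}}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","auditID":"a6","stage":"ResponseComplete","verb":"get","user":{"username":"dev@example.com"},"objectRef":{"resource":"pods","namespace":"prod"},"responseStatus":{"code":200}}
""".strip().splitlines()

if __name__ == "__main__":
    for audit_id, severity, reason in scan(SAMPLE_AUDIT):
        print(f"[{severity}] {audit_id}: {reason}")
```

On the sample, a1, a2, a4 and a5 produce findings; a3 (a control-plane component reading a secret) and a6 (a plain pod get) do not, and the RequestReceived copy of a1 is ignored so the exec is reported once. Whether rule 3 fires depends on the cluster's audit policy logging RBAC objects at RequestResponse level, which is an assumption of this example.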
Amazon Linux 2023 (AL2023) is now generally available on Amazon Elastic Kubernetes Service (EKS). AL2023, the latest generation of Amazon Linux, is built to provide a secure, stable and high-performance base for building and running cloud applications. EKS users get it through the standard AL2023-based EKS-optimized Amazon Machine Image (AMI), which works with managed node groups, self-managed nodes and Karpenter. Link. For example, I was able to retrieve an AMI ID for amazon-linux-2023 on my EKS 1.29 using the CLI:
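As an added example (not the newsletter author's CLI session), the lookup can also be scripted: AWS publishes the recommended EKS-optimized AL2023 AMI under the documented SSM parameter scheme `/aws/service/eks/optimized-ami/<k8s-version>/amazon-linux-2023/<arch>/<variant>/recommended/image_id`, so the function below builds that name, validates the architecture and variant, and fetches the ID with boto3. The returned AMI ID depends on region and date and is only fetched when boto3 and credentials are available; the offline check exercises the path builder.

```python
"""Resolve the recommended EKS-optimized AL2023 AMI for a cluster version via SSM.

Added example, not the newsletter author's code. Parameter path follows the
documented /aws/service/eks/optimized-ami/... naming; resolve_ami() needs boto3
and AWS credentials, al2023_ami_parameter() runs offline.
"""
ARCHES = ("x86_64", "arm64")
VARIANTS = ("standard", "nvidia", "neuron")  # AL2023 flavours published for EKS


def al2023_ami_parameter(k8s_version, arch="x86_64", variant="standard"):
    """Build the SSM parameter name for the recommended AL2023 EKS AMI."""
    major, minor = (int(p) for p in k8s_version.split(".")[:2])  # rejects 'latest' and friends
    if arch not in ARCHES:
        raise ValueError(f"arch must be one of {ARCHES}")
    if variant not in VARIANTS:
        raise ValueError(f"variant must be one of {VARIANTS}")
    return (f"/aws/service/eks/optimized-ami/{major}.{minor}"
            f"/amazon-linux-2023/{arch}/{variant}/recommended/image_id")


def resolve_ami(k8s_version, region, arch="x86_64", variant="standard"):
    """Return the AMI ID for the given cluster version in a region (live call)."""
    import boto3  # local import so the path builder is usable without boto3
    ssm = boto3.client("ssm", region_name=region)
    return ssm.get_parameter(Name=al2023_ami_parameter(k8s_version, arch, variant))["Parameter"]["Value"]


if __name__ == "__main__":
    print(al2023_ami_parameter("1.29"))
    # print(resolve_ami("1.29", "eu-west-1"))  # uncomment with credentials configured
```

The equivalent one-liner with the CLI is `aws ssm get-parameter --name /aws/service/eks/optimized-ami/1.29/amazon-linux-2023/x86_64/standard/recommended/image_id --query Parameter.Value --output text`. Pinning node groups to an explicit AMI ID from this lookup, rather than "whatever is latest", gives you a reproducible image to attest against and a deliberate moment to review each AMI rollout.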
AWS WAF rate-based rules now support configurable evaluation time windows. A rate-based rule counts incoming requests per aggregation key (for example, source IP) and applies its action to keys that exceed the configured rate limit; until now the count was always taken over a fixed 5-minute window. You can now choose a 1-, 2- or 10-minute window in addition to the existing 5-minute one, so the rule can match the traffic profile of the application. A shorter window identifies and blocks short bursts faster, which matters for high-traffic applications; a longer window suits applications with less frequent access, where a short window would see too few requests to be meaningful. Keep in mind that the limit is a count per window, so changing the window without adjusting the limit changes the effective rate you allow. Link. Here's my WAF rule configuration sample:
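An added example (not the newsletter author's rule) that shows both halves of this: `rate_rule()` emits the rule JSON that `wafv2 update-web-acl` accepts, with the new `EvaluationWindowSec` field carrying the window, and `would_block()` is a simplified per-IP trailing-window model of the aggregation that illustrates why a 1-minute window with a 1-minute limit catches a burst that the same average rate expressed as a 5-minute limit lets through. The model is an approximation, not AWS WAF's exact evaluation schedule, and the request timeline is constructed.

```python
"""WAF rate-based rule with a configurable window, plus a model of why the window matters.

Added example, not from the newsletter or AWS. would_block() is a simplified
trailing-window model of rate-based aggregation, not WAF's actual scheduler.
"""
from collections import defaultdict, deque

ALLOWED_WINDOWS = (60, 120, 300, 600)  # 1, 2, 5 and 10 minutes


def rate_rule(name, limit, window_sec=300, priority=0):
    """Rule JSON blocking any source IP that exceeds `limit` requests per `window_sec`."""
    if window_sec not in ALLOWED_WINDOWS:
        raise ValueError(f"EvaluationWindowSec must be one of {ALLOWED_WINDOWS}")
    return {
        "Name": name,
        "Priority": priority,
        "Statement": {
            "RateBasedStatement": {
                "Limit": limit,
                "EvaluationWindowSec": window_sec,
                "AggregateKeyType": "IP",
            }
        },
        "Action": {"Block": {}},
        "VisibilityConfig": {
            "SampledRequestsEnabled": True,
            "CloudWatchMetricsEnabled": True,
            "MetricName": name,
        },
    }


def would_block(requests, limit, window_sec):
    """Per-IP trailing-window count over (timestamp_seconds, ip) pairs in time order.

    An IP is flagged the first time its request count within the last `window_sec`
    seconds exceeds `limit`. Returns {ip: timestamp_of_first_block}.
    """
    recent = defaultdict(deque)
    blocked = {}
    for ts, ip in requests:
        q = recent[ip]
        q.append(ts)
        while q and q[0] <= ts - window_sec:  # drop requests that fell out of the window
            q.popleft()
        if len(q) > limit and ip not in blocked:
            blocked[ip] = ts
    return blocked


def burst_then_quiet(ip, count, burst_sec):
    """Constructed traffic: `count` requests spread evenly over `burst_sec` seconds, then silence."""
    return [(burst_sec * i / count, ip) for i in range(count)]


if __name__ == "__main__":
    # Both rules allow an average of 2 requests/second; only the 1-minute rule sees the spike.
    traffic = burst_then_quiet("198.51.100.7", count=200, burst_sec=20)
    print("1-minute window, limit 120:", would_block(traffic, limit=120, window_sec=60))
    print("5-minute window, limit 600:", would_block(traffic, limit=600, window_sec=300))
```

With 200 requests in 20 seconds, the 1-minute rule blocks the source at its 121st request (t = 12 s) while the 5-minute rule, whose limit of 600 is the same average rate, never trips because the burst stops well under 600. That is the trade-off the announcement describes: the short window is the right tool for burst detection, and the limit must be re-derived whenever the window changes.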
Amazon WorkSpaces now supports the WebAuthn (Web Authentication) standard for in-session authentication. Users can authenticate to web applications that support WebAuthn, via redirection, when using Chrome or Edge on Windows WSP (WorkSpaces Streaming Protocol) WorkSpaces. The feature is available in the WorkSpaces Windows, macOS and Linux client applications and works with authenticators such as YubiKey, Windows Hello and other FIDO2-compliant devices. Organizations can use it to require phishing-resistant authenticators for web applications accessed from WorkSpaces, reducing the risk of unauthorized access to sensitive company data. Link.
AWS Backup now supports restore testing for Amazon Aurora continuous backups. Restore testing in AWS Backup runs automated, scheduled test restores of backed-up AWS resources (AWS Backup is the fully managed service that centralizes and automates data protection for AWS services and hybrid workloads). With this release you can verify recovery readiness for Aurora point-in-time (continuous) backups before a data-loss event, measure how long Aurora restore jobs actually take, and produce evidence for compliance or regulatory requirements. Link. It's well explained in THIS blog. Here's my sample Aurora restore test plan:
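As an added example (not the newsletter author's plan), here is what such a plan looks like expressed as the two boto3 payloads: a restore testing plan that picks the newest continuous recovery point from the last seven days on a weekly schedule, and a selection that names the Aurora clusters and the IAM role AWS Backup assumes. The payload shapes follow the CreateRestoreTestingPlan and CreateRestoreTestingSelection APIs; the account ID, vault, role and cluster ARNs are placeholders, and `create()` is the only function that calls AWS.

```python
"""Restore testing plan for Aurora continuous backups, as boto3 payloads.

Added example, not the newsletter author's plan. Payload shapes follow the
backup:CreateRestoreTestingPlan / CreateRestoreTestingSelection APIs; ARNs below
are placeholders. build_*() run offline; create() needs boto3 and credentials.
"""


def build_plan(name, vault_arns, schedule="cron(0 2 ? * MON *)", window_days=7, start_window_hours=1):
    """Weekly test restoring the newest recovery point created in the last `window_days`."""
    if not 1 <= window_days <= 365:
        raise ValueError("SelectionWindowDays must be 1..365")
    if not (schedule.startswith("cron(") or schedule.startswith("rate(")):
        raise ValueError("ScheduleExpression must be a cron() or rate() expression")
    if not vault_arns:
        raise ValueError("at least one backup vault ARN is required")
    return {
        "RestoreTestingPlanName": name,
        "ScheduleExpression": schedule,
        "StartWindowHours": start_window_hours,
        "RecoveryPointSelection": {
            "Algorithm": "LATEST_WITHIN_WINDOW",  # or RANDOM_WITHIN_WINDOW to sample older points
            "IncludeVaults": vault_arns,
            "RecoveryPointTypes": ["CONTINUOUS"],  # Aurora PITR backups, the newly supported type
            "SelectionWindowDays": window_days,
        },
    }


def build_selection(plan_name, selection_name, role_arn, cluster_arns, validation_hours=2):
    """Which Aurora clusters the plan restores and the role AWS Backup assumes to do it."""
    if not cluster_arns:
        raise ValueError("at least one protected resource ARN is required")
    return {
        "RestoreTestingSelectionName": selection_name,
        "ProtectedResourceType": "Aurora",
        "ProtectedResourceArns": cluster_arns,
        "IamRoleArn": role_arn,
        # Hours the restored cluster is kept for your validation before AWS Backup deletes it.
        "ValidationWindowHours": validation_hours,
    }


def create(plan, selection, region="us-east-1"):
    """Create both objects in a real account (live call; needs boto3 + credentials)."""
    import boto3
    backup = boto3.client("backup", region_name=region)
    resp = backup.create_restore_testing_plan(RestoreTestingPlan=plan)
    backup.create_restore_testing_selection(
        RestoreTestingPlanName=plan["RestoreTestingPlanName"],
        RestoreTestingSelection=selection,
    )
    return resp["RestoreTestingPlanArn"]


# Placeholder identifiers for illustration only.
PLAN = build_plan(
    "aurora-weekly-restore-test",
    ["arn:aws:backup:us-east-1:123456789012:backup-vault:prod"],
)
SELECTION = build_selection(
    PLAN["RestoreTestingPlanName"],
    "prod-aurora-clusters",
    "arn:aws:iam::123456789012:role/AWSBackupDefaultServiceRole",
    ["arn:aws:rds:us-east-1:123456789012:cluster:orders-aurora"],
)

if __name__ == "__main__":
    import json
    print(json.dumps({"plan": PLAN, "selection": SELECTION}, indent=2))
```

Two practical notes: the validation window is your chance to run an integrity query against the restored cluster (a row count or checksum against production is usually enough to prove the recovery point is usable), and the role in `IamRoleArn` should be scoped to restore and tag permissions only, since it is exercised on a schedule without a human in the loop.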