Release Date: August 7, 2023
This week (TLDR i.e. 2 minutes version):
Amazon Inspector now provides enhanced vulnerability intelligence as a part of its findings which includes names of known malware kits used to exploit a vulnerability, mapping to MITRE ATT&CK® framework, the date Cybersecurity and Infrastructure Security Agency (CISA) added the vulnerability to Known Exploited Vulnerabilities Catalog (KVEC), Exploit Prediction Scoring System (EPSS) score, and evidence of public events associated with a vulnerability. Link
Amazon Aurora MySQL 3.04 (compatible with MySQL 8.0.28) is generally available. In addition to several security enhancements and bug fixes, MySQL 8.0.28 includes several improvements, such as Instant DDL support for Rename column operations, support for multi-threaded DDL operations, support for TLS v1.3 protocol, and performance schema monitoring enhancements. Link
AWS Config now supports 19 more resource types for services, including AWS Amplify, Amazon AppIntegrations, AWS App Mesh, Amazon Athena, Amazon Elastic Compute Cloud (Amazon EC2), Amazon CloudWatch Evidently, Amazon Forecast, AWS IoT Greengrass Version 2, AWS Ground Station, AWS Elemental MediaConnect, AWS Elemental MediaTailor, Amazon Managed Streaming for Apache Kafka (Amazon MSK), Amazon Personalize, Amazon Pinpoint, and AWS Resilience Hub.
Amazon VPC IP Address Manager (IPAM) now supports three new CloudWatch metrics — VpcIPUsage, SubnetIPUsage, and PublicIPv4PoolIPUsage, that allow you to identify underutilized or near full capacity IP address ranges, optimizing your IP address usage on AWS. These metrics proactively track IP address usage across resources such as Amazon Virtual Private Clouds (Amazon VPCs), subnets, and Public IPv4 Pools. You can also set alarms for these metrics in Amazon CloudWatch to receive notifications when an IP address usage threshold is breached. Link
Amazon Aurora MySQL-Compatible and PostgreSQL-Compatible editions now supports automatic backups for deleted clusters. Customers can now choose to retain automatic backups when deleting an Aurora cluster, and later use it to restore a new cluster from it. Link
AWS Security Hub has released 12 new security controls, increasing the overall number of controls Security Hub offers to 276. With these new controls, Security Hub now supports three additional AWS services: Amazon Athena, Amazon DocumentDB (with MongoDB compatibility), and Amazon Neptune. Security Hub has also added an additional control against Amazon Relational Database Service (Amazon RDS). Link
Also on the news:
Ivanti Releases Security Updates for Endpoint Manager Mobile (EPMM) CVE-2023-35078. Link
Mitigate published a blog for “Abusing the SSM Agent as a Remote Access Trojan”. Link. IMO, this should fall under customer responsibility as part of shared responsibility model and this assumes attacker would already have privileged access to a machine.
The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) has released 2022 Top Routinely Exploited Vulnerabilities. Link
AWS week in review. Link
AWS introduced its first list of security heroes. The AWS Heroes program recognizes individuals who combine their deeply technical expertise with a passion for helping others to learn more and build faster. Over the years, trends have evolved in how the community develops and deploys solutions built on AWS, which has influenced the creation of specialized Hero categories. Many Congratulations to the AWS Security heroes Chris Farris, Gerardo Castro, Keisuke Usuda, Ray Lin (Chia-Wei Lin), Shun Yoshie and Teri Radichel.. Link
AWS released a security bulletin for the security research describing software-based power side-channel concerns, otherwise known as ”Collide+Power“. Link
Thank You for reading! If you enjoyed this newsletter, I’d be grateful if you could forward it to your professional circle.
Thanks for reading AWS Cloud Security Weekly! Subscribe for free to receive new posts and support my work.