Issue 42
Subscribe for free! If you enjoyed this newsletter, please consider forwarding it to your professional circle.
This issue is sponsored by Invary. See how Invary detects hidden rootkits, a task that modern threat detection solutions fail at in practice » HERE.
This week's TL;DR, i.e. the 1-minute version (for executives):
Amazon Inspector agentless vulnerability assessment for Amazon EC2 now Generally Available (GA).
Amazon Data Lifecycle Manager default policies now support AWS Organizations.
AWS AppFabric now supports SentinelOne Singularity Cloud.
AWS CodeBuild now supports managed GitHub Action runners.
Trending in Cloud & Cyber Security (security blogs, articles, news, advisories etc.):
AWS Security Blogs & Bulletins:
General security blogs, articles & reports:
How an empty S3 bucket can make your AWS bill explode by Maciej Pocwierz. Link.
The State of AWS's Block Public Access: Is It Secure By Default? by Jason Kao. Link.
An overview of CloudTrail events that are interesting from an incident response perspective. GitHub link.
Amazon Science: 98 Amazon Research Awards recipients announced. Link.
Okta: How to block residential proxies using Okta. Link.
Trending on the news & advisories:
UnitedHealth Group updates on the Change Healthcare cyberattack: it paid the attackers. Link.
ArcaneDoor: new espionage-focused campaign found targeting perimeter network devices. Link.
WordPress Automatic Plugin <= 3.92.0 is vulnerable to SQL Injection. Link.
IBM to Buy HashiCorp in $6.4 Billion Deal. Link.
This week's long version, i.e. the 3-5 minute version (for architects & engineers):
Amazon Inspector now provides continuous monitoring of EC2 instances for software vulnerabilities without requiring an agent or any additional software on the instance. The existing method relies on the AWS Systems Manager (SSM) agent to check for vulnerabilities in third-party software. With this update, Inspector offers two scanning modes for EC2 assessments: hybrid scan mode and agent-based scan mode. In hybrid scan mode, Inspector uses the SSM agent to gather data from instances for vulnerability assessment; if an instance does not have an SSM agent installed or configured, Inspector automatically switches to agentless scanning. In agentless scanning, Inspector takes snapshots of the instance's EBS volumes and collects the software inventory from them to assess vulnerabilities. Link. Here's an example from my Amazon Inspector settings:
With AWS CloudFormation StackSets, you can now set up and manage Amazon Data Lifecycle Manager default policies for the entire organization or for specific organizational units (OUs). These default policies complement existing backup strategies by ensuring that EBS-backed AMIs and EBS snapshots are only created for instances and volumes that lack a recent backup. This approach helps administrators ensure that all member accounts have thorough backup coverage while avoiding duplicate backups, reducing both management effort and cost. Link. This is well explained in THIS blog. For example, I ran a CloudFormation stack to enable the default policy for EBS snapshot management in my AWS Org:
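As an added example (not the newsletter's or the linked blog's own template), here is a minimal CloudFormation template that creates a Data Lifecycle Manager default policy for EBS snapshots in each account it is deployed to through a StackSet. The daily/7-day schedule and the use of the DLM default role under `/service-role/` are assumptions, and the role is assumed to already exist in every target account.

```yaml
# Added example, not the page's own template.
# Deploy this through a CloudFormation StackSet (service-managed permissions,
# targeting the whole organization or selected OUs) so that every member
# account gets a default EBS snapshot policy. The default policy only
# snapshots volumes that lack a recent backup, so it does not duplicate
# snapshots created by existing custom DLM policies or AWS Backup.
# Assumptions: AWSDataLifecycleManagerDefaultRole already exists in each
# target account; the 1-day / 7-day schedule is an illustrative choice.
AWSTemplateFormatVersion: "2010-09-09"
Description: Org-wide Data Lifecycle Manager default policy for EBS snapshots

Resources:
  DefaultVolumeSnapshotPolicy:
    Type: AWS::DLM::LifecyclePolicy
    Properties:
      DefaultPolicy: VOLUME          # default policy for EBS volumes (snapshots)
      Description: Default policy - snapshot any volume without a recent backup
      State: ENABLED
      CreateInterval: 1              # days between snapshots of each volume
      RetainInterval: 7              # days each snapshot is retained
      ExtendDeletion: false          # keep the last snapshot of a deleted volume
      CopyTags: true                 # carry volume tags onto the snapshots
      Exclusions:
        ExcludeBootVolumes: false    # protect root volumes as well
      ExecutionRoleArn: !Sub "arn:${AWS::Partition}:iam::${AWS::AccountId}:role/service-role/AWSDataLifecycleManagerDefaultRole"

Outputs:
  DefaultPolicyId:
    Description: ID of the default snapshot policy created in this account
    Value: !Ref DefaultVolumeSnapshotPolicy
```

Audit tip: because the policy is created per account, a StackSet with drift detection enabled will flag any member account where someone later disables or deletes the default policy.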
AWS AppFabric now supports SentinelOne Singularity Cloud as both a data source and a compatible security destination, allowing IT administrators and security analysts to use AppFabric to connect with 27 supported SaaS applications, consolidate enriched and standardized SaaS audit logs, and monitor end-user access across their SaaS apps. Link. Here's the app authorization option from my AppFabric console:
AWS CodeBuild now supports managed GitHub Actions self-hosted runners, enabling you to configure CodeBuild projects to receive GitHub Actions workflow job events and execute them on CodeBuild's ephemeral hosts. With this feature, GitHub Actions integrates seamlessly with AWS, providing enhanced security and convenience through services such as IAM, AWS Secrets Manager, AWS CloudTrail, and Amazon VPC. Customers can use all the compute platforms offered by CodeBuild, including Lambda, GPU-enabled, and Arm-based instances. Link. For example, here's a sample from my build log; I used the Lambda compute option: