Issue 45
Subscribe for free! If you enjoyed this newsletter, please consider forwarding to your professional circle.
This issue is sponsored by Invary. Check out Invary's ability to detect hidden rootkits, a task at which modern threat detection solutions fail, in action » HERE.
This week's TLDR, i.e. 1-minute version (for executives):
Amazon QuickSight now supports GetClusterCredentialsWithIAM for Redshift data sources.
Amazon Detective adds support for EKS audit logs in Security Lake integration.
AWS Security Hub announces support for version 3.0 of the CIS AWS Foundations Benchmark.
AWS IAM Identity Center adds PKCE-based authorization for AWS applications.
Trending in Cloud & Cyber Security (Security Blogs, articles, news, advisories etc):
AWS Security Blogs & Bulletins:
Integrating AWS Verified Access with Jamf as a device trust provider. Link.
How to use WhatsApp to send Amazon Cognito notification messages. Link.
How to use AWS managed applications with IAM Identity Center: Enable Amazon Q without migrating existing IAM federation flows. Link.
Governing and securing AWS PrivateLink service access at scale in multi-account environments. Link.
Investigating lateral movements with Amazon Detective investigation and Security Lake integration. Link.
How to set up SAML federation in Amazon Cognito using IdP-initiated single sign-on, request signing, and encrypted assertions. Link.
General security blogs, articles & reports:
Trending on the news & advisories:
Amazon has a new CEO. Link.
Oracle goes vegan: Dumps Terraform for OpenTofu. Link.
Microsoft will require MFA for all Azure users. Link.
SEC: Financial orgs have 30 days to send data breach notifications. Link.
FedRAMP board launched to support safe, secure use of cloud services in government. Link.
Prison for cybersecurity expert selling private videos from inside 400,000 homes. Link.
Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets. Link.
CISA and ONCD Award the Winners of the Fifth Annual President’s Cup Cybersecurity Competition. Link.
Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323). Link.
Amazon S3 will no longer charge for several HTTP error codes. Link.
This week's long version, i.e. 3-5 minute read (for architects & engineers):
Amazon QuickSight now allows connectivity to Redshift data sources using an IAM role through GetClusterCredentialsWithIAM. This enhancement builds on the previously introduced Redshift RunAsRole feature by making the Database User / Database Group parameters optional, effectively linking the temporary user identity directly to the IAM credentials. Link.
Amazon Detective adds support for EKS audit logs in Security Lake integration. Link. (Note: I wasn't able to demo this because I had issues (possible bug) while setting up Security Lake and have reached out to AWS.)
AWS Security Hub now supports version 3.0 of the Center for Internet Security (CIS) AWS Foundations Benchmark, which includes 37 security controls, 7 of them new and unique to version 3.0. Security Hub has met the criteria for the CIS Security Software Certification and has been certified for levels 1 and 2 of the CIS AWS Foundations Benchmark version 3.0. Link. For example, this is my Security Hub setting where I enabled the new standard:
AWS IAM Identity Center now supports OAuth 2.0 authorization code flows with the Proof Key for Code Exchange (PKCE) standard, enabling AWS applications to authenticate users securely and obtain their consent to access AWS resources from both desktop and mobile devices via web browsers. Link.