Issue 46
This issue is sponsored by Invary. Check out Invary's ability to detect hidden rootkits, a task at which modern threat detection solutions fall short in practice. Link.
This week's TL;DR, i.e. the 1-minute version (for executives):
AWS Launches Console-based Bulk Policy Migration for Billing and Cost Management Console Access.
Announcing support for Sigv4A with session tokens issued in AWS GovCloud (US-West) Region.
Trending in Cloud & Cyber Security (security blogs, articles, news, advisories, etc.):
AWS Security Blogs & Bulletins:
How to implement single-user secret rotation using Amazon RDS admin credentials. Link.
General security blogs, articles & reports:
Non-Production Endpoints as an Attack Surface in AWS by Nick Frichette. Link.
Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling by Jan Michael Alcantara. Link.
Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets by Mark Swindle. Link.
Malicious PyPI packages targeting highly specific macOS machines by Sebastian Obregoso. Link.
Trending on the news & advisories:
GitHub. On instances that use SAML single sign-on (SSO) authentication with the optional encrypted assertions feature, an attacker could forge a SAML response to provision and/or gain access to a user with administrator privileges. Link.
LastPass Is Encrypting URLs. Here’s What’s Happening. Link.
SEC Charges Intercontinental Exchange and Nine Affiliates Including the New York Stock Exchange with Failing to Inform the Commission of a Cyber Intrusion. Link.
GitLab high severity patch release. Link.
This week's long version, i.e. the 3-5 minute version (for architects & engineers):
AWS Billing and Cost Management console now offers a streamlined, console-based migration process for policies with retired IAM actions (aws-portal). Customers who have not yet transitioned to fine-grained IAM actions can initiate this process by selecting the Update IAM Policies recommended action on the Billing and Cost Management home page. This feature identifies affected policies, recommends equivalent new actions to maintain current access, provides testing options, and completes the migration of all affected policies across the organization. Link. I tried it and it was pretty straightforward.
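The first step the console migration performs is finding policies that still reference the retired aws-portal namespace. The script below is an added example, not AWS's tooling, showing how to do that check yourself against a set of policy documents (for instance, exported from your own account before trusting the console's list). It assumes the list of retired aws-portal actions given in RETIRED_AWS_PORTAL_ACTIONS; the sample policies are constructed for the example. It handles the two cases that a naive string search misses: wildcard patterns such as aws-portal:Modify* or a bare *, and NotAction statements, which grant every action outside the listed patterns and therefore silently include aws-portal.

```python
"""Scan IAM policy documents for statements that still apply to retired aws-portal actions."""
import fnmatch
import json

# Retired aws-portal actions that the fine-grained billing/cost actions replace.
# Assumption: representative list; reconcile against the AWS migration guidance for your account.
RETIRED_AWS_PORTAL_ACTIONS = [
    "aws-portal:ViewBilling",
    "aws-portal:ModifyBilling",
    "aws-portal:ViewAccount",
    "aws-portal:ModifyAccount",
    "aws-portal:ViewPaymentMethods",
    "aws-portal:ModifyPaymentMethods",
    "aws-portal:ViewUsage",
]


def _as_list(value):
    """IAM accepts a string or a list for Statement/Action/NotAction; normalise to a list."""
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _matches_any(action, patterns):
    """IAM action matching is case-insensitive and supports '*' and '?' wildcards,
    which fnmatch provides; fnmatchcase(name, pattern) is used after lowercasing both."""
    action = action.lower()
    return any(fnmatch.fnmatchcase(action, p.lower()) for p in patterns)


def retired_actions_in_statement(statement):
    """Return the retired aws-portal actions this statement applies to, in list order."""
    if "Action" in statement:
        patterns = _as_list(statement["Action"])
        return [a for a in RETIRED_AWS_PORTAL_ACTIONS if _matches_any(a, patterns)]
    if "NotAction" in statement:
        # NotAction applies to everything the patterns do NOT match, so a statement like
        # NotAction: "iam:*" still covers all aws-portal actions.
        patterns = _as_list(statement["NotAction"])
        return [a for a in RETIRED_AWS_PORTAL_ACTIONS if not _matches_any(a, patterns)]
    return []


def find_retired_references(policy_name, policy_document):
    """One finding per statement that applies to at least one retired aws-portal action."""
    findings = []
    for index, stmt in enumerate(_as_list(policy_document.get("Statement"))):
        actions = retired_actions_in_statement(stmt)
        if not actions:
            continue
        findings.append({
            "policy": policy_name,
            "sid": stmt.get("Sid") or f"Statement[{index}]",
            "key": "NotAction" if "NotAction" in stmt else "Action",
            "effect": stmt.get("Effect", "Allow"),
            "actions": actions,
        })
    return findings


def scan_policies(policies):
    """policies: mapping of policy name -> policy document (dict or JSON string)."""
    findings = []
    for name, doc in policies.items():
        if isinstance(doc, str):
            doc = json.loads(doc)
        findings.extend(find_retired_references(name, doc))
    return findings


# Constructed sample policies for the example; not taken from any real account.
SAMPLE_POLICIES = {
    "BillingReadOnly": {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": "OldBilling", "Effect": "Allow",
             "Action": ["aws-portal:ViewBilling", "aws-portal:ViewUsage"], "Resource": "*"},
            {"Sid": "NewCostExplorer", "Effect": "Allow",
             "Action": "ce:GetCostAndUsage", "Resource": "*"},
        ],
    },
    "DenyAccountChanges": {
        "Version": "2012-10-17",
        "Statement": {"Effect": "Deny", "Action": "aws-portal:Modify*", "Resource": "*"},
    },
    "S3Only": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": ["s3:GetObject"], "Resource": "*"}],
    },
    "EverythingExceptIAM": {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "NotAction": "iam:*", "Resource": "*"}],
    },
}

if __name__ == "__main__":
    for f in scan_policies(SAMPLE_POLICIES):
        print(f"{f['policy']} / {f['sid']} ({f['effect']} via {f['key']}): {', '.join(f['actions'])}")
```

Deny statements are reported too: a Deny on aws-portal:Modify* stops protecting anything once the old actions are retired, so it needs a fine-grained equivalent just as an Allow does. NotAction findings are flagged for manual review rather than rewritten, since the fix there is usually to tighten the statement rather than to substitute actions.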
AWS IAM now supports signing AWS API requests with the Sigv4A encryption algorithm using session tokens issued in the AWS GovCloud (US-West) Region. By using the Sigv4A algorithm to cryptographically sign an AWS request, you can send the request to service endpoints in any of the AWS GovCloud (US) Regions.
If your account's workloads or callers need to sign AWS requests with Sigv4A, or if you plan to use an AWS feature that requires it, configure the AWS Security Token Service (STS) endpoint in the AWS GovCloud (US-West) Region to issue session tokens that support the Sigv4A algorithm. This configuration can be done via the AWS IAM Console or by calling the AWS IAM SetSecurityTokenServicePreferences API. These session tokens are larger in size, similar to those issued by the STS endpoint in the AWS GovCloud (US-East) Region, which already supports Sigv4A. Link.