Issue 53
This issue is sponsored by Invary. Check out Invary's ability to detect hidden rootkits, a task at which modern threat detection solutions fail in practice. Link.
This week's TL;DR, i.e. the 1-minute version (for executives):
AWS Security Hub launches 24 new security controls.
Amazon S3 Express One Zone now supports logging of all events in AWS CloudTrail.
AWS Secrets Manager announces open source release of Secrets Manager Agent.
AWS Partner Central now supports multi-factor authentication.
Trending in Cloud & Cyber Security (security blogs, articles, news, advisories, etc.):
AWS Security Blogs & Bulletins:
General security blogs, articles & reports:
A hard look at GuardDuty shortcomings by Rami McCarthy. Link.
A collection of documented and undocumented AWS API models by Nick Frichette. Link.
Mitigant: Bedrock or Bedsand: Attacking Amazon Bedrock's Achilles Heel. Link.
Are my AWS Resources Encrypted or Unencrypted by Default? by Jason Kao. Link.
New tactics and techniques for proactive threat detection (re:Inforce PDF).
Cloudflare: DDoS threat report for 2024 Q2. Link.
Trending on the news & advisories:
This week's long version, i.e. 3-5 minutes (for architects & engineers):
AWS Security Hub has introduced 24 new security controls (total offerings now 418). Link. For example, I haven't enabled all the controls in my test account, but I could see 415 available:
Amazon S3 Express One Zone now supports logging all data plane API actions in AWS CloudTrail, providing detailed insights into the users making API calls to S3 Express One Zone and the timestamps of these calls. With AWS CloudTrail, you can now log not only directory and bucket-level actions like CreateBucket and DeleteBucket but also object-level activities such as PutObject and GetObject for S3 Express One Zone. Link. It's well explained in this blog. Link. For example, I was able to set up data events for my S3 Express One Zone from the CloudTrail console data events section:
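The console walk-through above enables the data events by clicking; the check a practitioner usually wants afterwards is "does my trail actually capture S3 Express One Zone object-level events, or only general purpose bucket objects?". The following is an added example, not code from the newsletter, AWS or the linked blog. It builds a CloudTrail advanced event selector for S3 Express One Zone data events and audits GetEventSelectors-style responses for coverage. The resource type string "AWS::S3Express::Object" is my assumption of the value CloudTrail uses for these events; the sample trails are constructed.

```python
"""Added example (not from the newsletter, AWS or the linked blog): check
whether a CloudTrail trail's advanced event selectors capture S3 Express
One Zone object-level data events, and build a selector that does.

Assumption: S3 Express One Zone data events are addressed in CloudTrail
advanced event selectors by the resource type "AWS::S3Express::Object"
(confirm against the current CloudTrail documentation).
"""

S3_EXPRESS_OBJECT = "AWS::S3Express::Object"


def build_s3express_data_event_selector(name="S3ExpressObjectDataEvents",
                                        read_only=None):
    """Return one AdvancedEventSelectors element in the shape CloudTrail's
    PutEventSelectors API accepts. read_only=None logs reads and writes;
    True restricts to reads (GetObject), False to writes (PutObject)."""
    fields = [
        {"Field": "eventCategory", "Equals": ["Data"]},
        {"Field": "resources.type", "Equals": [S3_EXPRESS_OBJECT]},
    ]
    if read_only is not None:
        # CloudTrail expects the readOnly value as the string "true"/"false"
        fields.append({"Field": "readOnly", "Equals": [str(read_only).lower()]})
    return {"Name": name, "FieldSelectors": fields}


def _selector_covers_s3express(selector):
    """A selector counts only if it is a Data selector whose resources.type
    names S3 Express objects; a Management selector or an "AWS::S3::Object"
    (general purpose bucket) selector does not."""
    is_data = False
    is_s3express = False
    for fs in selector.get("FieldSelectors", []):
        values = fs.get("Equals", [])
        if fs.get("Field") == "eventCategory" and "Data" in values:
            is_data = True
        if fs.get("Field") == "resources.type" and S3_EXPRESS_OBJECT in values:
            is_s3express = True
    return is_data and is_s3express


def trail_logs_s3express_objects(get_event_selectors_response):
    """True if a GetEventSelectors response contains a selector that logs
    S3 Express One Zone object-level activity (reads, writes or both)."""
    selectors = get_event_selectors_response.get("AdvancedEventSelectors", [])
    return any(_selector_covers_s3express(s) for s in selectors)


# Constructed sample GetEventSelectors responses (not real trails).
TRAIL_MANAGEMENT_ONLY = {
    "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/mgmt-only",
    "AdvancedEventSelectors": [
        {"Name": "Management events",
         "FieldSelectors": [{"Field": "eventCategory", "Equals": ["Management"]}]},
    ],
}
TRAIL_GENERAL_PURPOSE_S3 = {
    "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/s3-gp",
    "AdvancedEventSelectors": [
        {"Name": "S3 objects (general purpose buckets only)",
         "FieldSelectors": [
             {"Field": "eventCategory", "Equals": ["Data"]},
             {"Field": "resources.type", "Equals": ["AWS::S3::Object"]}]},
    ],
}
TRAIL_WITH_S3EXPRESS = {
    "TrailARN": "arn:aws:cloudtrail:us-east-1:111122223333:trail/s3-all",
    "AdvancedEventSelectors": [
        TRAIL_GENERAL_PURPOSE_S3["AdvancedEventSelectors"][0],
        build_s3express_data_event_selector(),
    ],
}


def audit(trails):
    """Map trail ARN -> whether it logs S3 Express object-level events."""
    return {t["TrailARN"]: trail_logs_s3express_objects(t) for t in trails}


if __name__ == "__main__":
    for arn, ok in audit([TRAIL_MANAGEMENT_ONLY, TRAIL_GENERAL_PURPOSE_S3,
                          TRAIL_WITH_S3EXPRESS]).items():
        print(f"{arn}: {'logs' if ok else 'does NOT log'} S3 Express object events")
```

The point of the second sample trail is the one that bites in practice: a trail that already logs "AWS::S3::Object" data events does not cover directory buckets, so an existing S3 data-event trail is not evidence that S3 Express One Zone reads and writes are being recorded.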
AWS Secrets Manager introduced Secrets Manager Agent, a language-agnostic local HTTP service designed for fetching secrets from Secrets Manager and caching them in memory within your compute environments. This release enables you to streamline and unify the process of accessing secrets across various compute environments, eliminating the necessity for custom code. Link. (Note: I wasn’t able to install the agent in one of my EC2s for a demo and have reached out to AWS).
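Since the agent could not be demonstrated on a live instance above, here is the exchange an application has with it, as an added example that is not the AWS agent's own code: a small client that calls the agent's local HTTP endpoint, and a stand-in server that mimics the agent so the exchange runs offline. The port (2773), the route (/secretsmanager/get?secretId=...), the token file (/var/run/awssmatoken) and the X-Aws-Parameters-Secrets-Token header are my recollection of the agent's documented defaults and should be verified against the project README; the secret value, token and the stand-in's error status code are constructed.

```python
"""Added example (not the AWS agent's own code): a minimal client for the
Secrets Manager Agent's local HTTP endpoint, plus a stand-in server that
mimics the agent so the exchange can be run offline.

Assumptions, taken from the agent's documented defaults as I recall them
(verify against the project's README before relying on them):
  * the agent listens on http://localhost:2773
  * a secret is fetched with GET /secretsmanager/get?secretId=<id>
  * every request must carry the token the agent writes to
    /var/run/awssmatoken in the X-Aws-Parameters-Secrets-Token header;
    a caller that cannot read that local file (e.g. a browser-driven SSRF)
    is refused
"""
import json
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib.error import HTTPError
from urllib.parse import parse_qs, quote, urlparse
from urllib.request import Request, urlopen

TOKEN_HEADER = "X-Aws-Parameters-Secrets-Token"
DEFAULT_AGENT_URL = "http://localhost:2773"
DEFAULT_TOKEN_FILE = "/var/run/awssmatoken"


def read_agent_token(path=DEFAULT_TOKEN_FILE):
    """Read the agent's local token; possession of it proves the caller
    can read the host's filesystem, which is the agent's SSRF defence."""
    with open(path, encoding="utf-8") as fh:
        return fh.read().strip()


def fetch_secret(secret_id, token, base_url=DEFAULT_AGENT_URL):
    """GET the secret from the local agent. Returns the parsed JSON body,
    which mirrors GetSecretValue (SecretString, VersionId, ...)."""
    url = f"{base_url}/secretsmanager/get?secretId={quote(secret_id, safe='')}"
    req = Request(url, headers={TOKEN_HEADER: token})
    with urlopen(req, timeout=5) as resp:
        return json.loads(resp.read().decode("utf-8"))


class FakeAgent(BaseHTTPRequestHandler):
    """Stand-in for the real agent: refuses requests without the token and
    serves constructed secrets from an in-memory dict (the real agent
    serves values it fetched from Secrets Manager and cached in memory)."""
    TOKEN = "constructed-ssrf-token"
    SECRETS = {"prod/db/password": {"SecretString": "s3cr3t", "VersionId": "v1"}}

    def do_GET(self):
        parsed = urlparse(self.path)
        if self.headers.get(TOKEN_HEADER) != self.TOKEN:
            # 400 is this stand-in's choice; the real agent's code may differ
            self.send_error(400, "missing or invalid SSRF token")
            return
        if parsed.path != "/secretsmanager/get":
            self.send_error(404, "unknown route")
            return
        secret_id = parse_qs(parsed.query).get("secretId", [None])[0]
        body = self.SECRETS.get(secret_id)
        if body is None:
            self.send_error(404, "secret not found")
            return
        data = json.dumps(body).encode("utf-8")
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(data)))
        self.end_headers()
        self.wfile.write(data)

    def log_message(self, *args):  # keep the demo output quiet
        pass


def start_fake_agent():
    """Bind the stand-in on a free loopback port; returns (server, base_url)."""
    server = HTTPServer(("127.0.0.1", 0), FakeAgent)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    return server, f"http://127.0.0.1:{server.server_address[1]}"


def demo():
    """Run the exchange against the stand-in: a request carrying the token
    succeeds, one with a wrong token is refused.
    Returns (secret string, rejected_without_valid_token)."""
    server, base_url = start_fake_agent()
    try:
        value = fetch_secret("prod/db/password", FakeAgent.TOKEN, base_url)
        try:
            fetch_secret("prod/db/password", "not-the-token", base_url)
            rejected = False
        except HTTPError as err:
            rejected = err.code == 400
        return value["SecretString"], rejected
    finally:
        server.shutdown()
        server.server_close()


if __name__ == "__main__":
    print(demo())
```

Against a real agent the only lines that change are `fetch_secret(secret_id, read_agent_token())` with the defaults; the token-header requirement is the part worth keeping in mind when you wire this into an application, because a request that reaches the agent without it is either misconfigured or not coming from your own process.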
AWS Partner Central now includes support for multi-factor authentication (MFA) during login. Users will be required to enter a one-time passcode sent to their registered email address in addition to their login credentials to verify their identity. Link. For example, I was able to set and verify MFA is enabled in my Partner Central console: