This issue is sponsored by Invary. Check out Invary's ability to detect hidden rootkits, a task that modern threat detection solutions fail in action » HERE.

This week TLDR i.e. 1 minute version (For executives):

1. Amazon ECS now supports Amazon Linux 2023 and more for on-premises container workloads.

2. AWS Step Functions now supports Customer Managed Keys.

Trending in Cloud & Cyber Security (Security Blogs, articles, news, advisories etc):

1. AWS Security Blogs & Bulletins:

   • How to build a CA hierarchy across multiple AWS accounts and Regions for global organization? Link.

   • Patterns for consuming custom log sources in Amazon Security Lake. Link.

2. General security blogs, articles & reports:

   • Truffle Security- Anyone can Access Deleted and Private Repository Data on GitHub. Link.

   • Automating WAF for Multi-Cloud in Dataspaces by Mohamed Radwan. Link.

   • Reversing AWS IAM unique IDs by Aidan Steele. Link.

   • Knowbe4 How a North Korean Fake IT Worker Tried to Infiltrate Us . Link.

   • Malicious Python Package Targets macOS Developers to Access their GCP Accounts by Yehuda Gelb. Link.

   • Unfashionably secure: why we use isolated VMs by Marco Slaviero. Link.

   • Revealing the Inner Structure of AWS Session Tokens by Tal Be'ery. Link.

   • Emulating and Detecting Scattered Spider-like Attacks by Kennedy Torkura. Link.

   • Securing your secrets in AWS by Warren Parad. Link.

   • Tips for SOCLess Oncall by Rami McCarthy. Link.

   • FiveXL- Keeping your data secure in transit with ECS Service Connect. Link.

3. Trending on the news & advisories:

   • Docker Security Advisory: AuthZ Plugin Bypass Regression in Docker Engine. Link.

   • Congratulations to the Top MSRC 2024 Q2 Security Researchers!. Link.

   • Google- Building security into the redesigned Chrome downloads experience. Link.

This week Long i.e. 3-5 minutes version (For architects & engineers):

1. Amazon Elastic Container Service (Amazon ECS) now supports the management of on-premises workloads running on Amazon Linux 2023, Fedora 40, Debian 11, Debian 12, Ubuntu 24, and CentOS Stream 9. The Amazon ECS Anywhere feature allows you to deploy and manage containerized applications on your own virtual machines (VMs) and bare metal servers. Link. For example, I tried to install on one of my external EC2s:

   

2. AWS Step Functions now supports using Customer Managed Keys with AWS Key Management Service (AWS KMS) to encrypt State Machine and Activity resources. This new feature allows you to secure your workflow definitions and execution data with your own encryption keys. Link. For example, when I deployed a state machine, I had the option to use my customer managed key: