Issue 57 & 58
This issue is co-sponsored by Invary (check out Invary's ability to detect hidden rootkits, a task modern threat detection solutions fail at in practice: HERE) and by Sonrai Security, the first Cloud Permissions Firewall.
This week's TL;DR, i.e. the 2-minute version (for executives):
Beginning October 1, 2024, AWS is changing how Amazon CloudFront records Signed URLs in its standard access logs.
AWS Config expands support for 124 resource types across 29 AWS Regions.
Amazon Verified Permissions improves support for OIDC identity providers.
Amazon Cognito enhances Advanced Security Features (ASF) to disallow password reuse, stream security events, detect additional risks, and cover custom authentication flows.
Trending in Cloud & Cyber Security (news, blogs, tweets, etc.):
AWS Security Blogs & Bulletins:
General security blogs, articles & reports:
Time to move on to Day 2 cloud operations by Eyal Estrin. Link.
Holding Cloud Vendors to a Higher Security Bar by Matthew Fuller. Link.
How some Let's Encrypt renewal failures pointed to an AWS traffic hijacking issue by Jamie Finnigan. Link.
What is the probability that you can successfully assume an IAM role in a random AWS account? by Michael Kirchner. Link.
Leaked Environment Variables Allow Large-Scale Extortion Operation of Cloud Environments by Margaret Zimmermann, Sean Johnstone, William Gamazo, Nathaniel Quist. Link.
Addressed AWS defaults risks: OIDC, Terraform and Anonymous to Administrator Access by Eduard Agavriloae. Link.
My Methodology to AWS Detection Engineering (Part 1: Object Selection) by Chester Le Bron. Link.
Harnessing LLMs for Automating BOLA Detection by Ravid Mazon, Jay Chen. Link.
Meet AI Goat: Open Source AI Security Learning Environment Based on the OWASP Top 10 ML Risks by Ofir Yakobi and Shir Sadon. Link.
Black Hat: Breaching AWS Accounts Through Shadow Resources by Yakir Kadkoda, Michael Katchinskiy, Ofek Itach. Link.
Emerging phishing campaign targeting AWS accounts by Gili Tikochinski, Scott Piper. Link.
Shorten your detection engineering feedback loops with Grimoire. Link.
Canary Infrastructure vs. Real World TTPs by Rami McCarthy. Link.
Deep Linking AWS Console with all your AWS IAM Identity Center Roles. Link.
Trending on the news & advisories:
Azure- Announcing mandatory multi-factor authentication for sign-in. Link.
Microsoft Bounty Program Year in Review: $16.6M in Rewards. Link.
MSRC 2024 Most Valuable Security Researchers! Link.
Critical vulnerabilities in 6 AWS services disclosed at Black Hat USA. Link.
Wiz achieves FedRAMP Moderate authorization. Link. Wiz is now also a CVE Numbering Authority (CNA). Link.
This week's long read, i.e. the 5-10 minute version (for architects & engineers):
Currently, when Signed URLs are used, the full URL including the signature is logged in CloudFront's standard access logs. Starting October 1, 2024, the following changes apply to how Signed URLs are logged:
A. If the signature is valid and successfully verified, the "Signature=" part of the URL will be redacted and replaced with "Signature=REDACTED-VERIFIED".
B. If the signature is invalid and not successfully verified, the "Signature=" part will be redacted and replaced with "Signature=REDACTED-INVALID-<SUBERROR>", where <SUBERROR> identifies the specific verification failure, such as a missing or malformed policy or missing keys.
These changes only affect the logging of the signature portion in CloudFront's standard access logs and do not alter the functionality of Signed URLs.
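As an added example (not code from the AWS announcement or from this newsletter), a small Python parser that reads CloudFront standard access log records via their #Fields header and classifies the Signature= token of each request's query string as verified, invalid (with its SUBERROR), unredacted (pre-cutover records that still carry raw signature material), or absent. The reduced field list, the SUBERROR names and the client addresses are constructed assumptions, not values taken from AWS documentation.

```python
import re
from collections import Counter
from urllib.parse import parse_qs

# Constructed sample of CloudFront standard access log lines (tab-separated).
# Real logs carry many more columns; this reduced #Fields header is an assumption,
# and the parser keys on the header so the column order is never hard-coded.
SAMPLE_LOG = """#Version: 1.0
#Fields: date time x-edge-location c-ip cs-method cs-uri-stem sc-status cs-uri-query
2024-10-02\t10:00:01\tIAD89-C1\t198.51.100.10\tGET\t/video.mp4\t200\tExpires=1700000000&Signature=REDACTED-VERIFIED&Key-Pair-Id=KEYPAIRID-PLACEHOLDER
2024-10-02\t10:00:02\tIAD89-C1\t198.51.100.11\tGET\t/video.mp4\t403\tExpires=1700000000&Signature=REDACTED-INVALID-MissingKey&Key-Pair-Id=KEYPAIRID-PLACEHOLDER
2024-10-02\t10:00:03\tIAD89-C1\t198.51.100.11\tGET\t/report.pdf\t403\tPolicy=eyJTdGF0&Signature=REDACTED-INVALID-MalformedPolicy&Key-Pair-Id=KEYPAIRID-PLACEHOLDER
2024-09-30\t23:59:59\tIAD89-C1\t198.51.100.12\tGET\t/video.mp4\t200\tExpires=1700000000&Signature=AbC123xyz~~&Key-Pair-Id=KEYPAIRID-PLACEHOLDER
2024-10-02\t10:00:04\tIAD89-C1\t198.51.100.13\tGET\t/public.css\t200\t-
"""

def parse_log(text):
    """Yield one dict per record, keyed by the column names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split(":", 1)[1].split()
        elif line and not line.startswith("#"):
            yield dict(zip(fields, line.split("\t")))

def classify_signature(query):
    """Return (state, suberror) for the Signature= part of a cs-uri-query value."""
    if query == "-":                      # CloudFront logs '-' when there is no query string
        return "none", None
    sig = parse_qs(query).get("Signature", [None])[0]
    if sig is None:
        return "none", None
    if sig == "REDACTED-VERIFIED":
        return "verified", None
    m = re.fullmatch(r"REDACTED-INVALID-(.+)", sig)
    if m:
        return "invalid", m.group(1)      # SUBERROR names the verification failure
    return "unredacted", None             # pre-cutover record: raw signature in the log

def summarize(text):
    """Count signature states and group invalid-signature requests by client and cause."""
    counts, invalid_by_client = Counter(), Counter()
    for rec in parse_log(text):
        state, sub = classify_signature(rec["cs-uri-query"])
        counts[state] += 1
        if state == "invalid":
            invalid_by_client[(rec["c-ip"], sub)] += 1
    return counts, invalid_by_client
```

Counting REDACTED-INVALID records per client and per SUBERROR is the detection signal the change makes available, while the "unredacted" state flags archived logs that still hold usable signatures and therefore deserve tighter retention and access controls.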
AWS Config expands support for 124 resource types across 29 AWS Regions. You can check the full list HERE.
Amazon Verified Permissions has made it easier for developers to implement fine-grained authorization when using third-party identity providers like Okta, CyberArk, and Transmit Security. Developers can now manage user permissions based on attributes and group memberships through their own OpenID Connect (OIDC) compliant identity provider. Link.
Amazon Cognito has upgraded Advanced Security Features (ASF) to better meet enterprise requirements and now supports preventing users from reusing their previous passwords, aiding in compliance efforts. Additionally, you can stream security events from ASF to an Amazon S3 bucket, Amazon Kinesis Firehose, or CloudWatch Insights. This capability enables you to integrate ASF events with security data from other AWS and third-party tools, providing deeper insights and enhancing overall security. Additionally, ASF now detects risks like "impossible travel," where a user logs in from two locations within a timeframe that makes travel between them unrealistic. Furthermore, ASF has improved its ability to identify risks in custom authentication flows. By enabling risk detection and adaptive authentication, you can enhance the security of applications that use custom authentication factors. Here’s my setting: