Issue 60
Subscribe for free! If you enjoy this newsletter, please consider forwarding to your professional circle.
This issue is co-sponsored by Invary: check out Invary's ability to detect hidden rootkits, a task at which modern threat detection solutions fail in practice » HERE. Also co-sponsored by Sonrai Security: The First Cloud Permissions Firewall!
This week's TL;DR, i.e. the 2-minute version (for executives):
AWS AppConfig now provides deletion protection for additional guardrails.
AWS Network Firewall introduces GeoIP Filtering to inspect traffic based on geographic location.
AWS WAF enhances rate-based rules to support lower rate limits.
AWS Security Hub launches 8 new security controls.
Trending in Cloud & Cyber Security (news, blogs, tweets, etc.):
AWS Security Blogs & Bulletins:
Automatically replicate your card payment keys across AWS Regions. Link.
General security blogs, articles & reports:
Exploiting Misconfigured GitLab OIDC AWS IAM Roles by Nick Frichette.
Avoiding security incidents due to request collapsing by Scott Piper. Link.
Reusable workflow is good, Until you realize your identity is also reusable by anyone by Richard Fan. Link.
Navigating Secure Access in AWS: Verified Access vs. Traditional VPN by Sourav Chakraborty. Link.
How to Secure Amazon Bedrock with Guardrails for Safe AI Operations in the Cloud by Lahiru Hewawasam. Link.
Industrial IAM Service Role Creation by Rami. Link.
Bypassing airport security via SQL injection by Ian Carroll and Sam Curry. Link.
Announcing mandatory multi-factor authentication for Azure sign-in. Link.
encap-attack: Identification and Exploitation of Network Encapsulation in Kubernetes by Matthew Grove. Link.
Trending on the news & advisories:
YubiKey Security Advisory YSA-2024-03: Infineon ECDSA Private Key Recovery. Link.
Google Chrome VRP Reward Updates to Incentivize Deeper Research. Link.
North Korean threat actor Citrine Sleet exploiting Chromium zero-day. Link.
Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool by Mohamed Fahmy. Link.
Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant by Mark Lim, Tom Marsden. Link.
Dick’s Sporting Goods breach. Link.
This week's long version, i.e. the 5-10 minute version (for architects & engineers):
Per the AWS release news, AppConfig resources, including Configuration Profiles and Environments, now support deletion protection, meaning resources that have been recently used cannot be deleted without explicitly bypassing this protection through the AWS Management Console, CLI, or API. Additionally, customers can define the duration that qualifies as “recently used” to align with their organization's processes. Link. (Note: even though the AWS documentation mentions that the feature can be enabled from the AWS CLI/GUI, I didn’t observe the options in the AWS console or in the latest version of the AWS CLI.)
AWS Network Firewall now offers GeoIP Filtering for both incoming and outgoing VPC traffic, allowing you to block traffic from or to certain countries. Previously, blocking involved manually maintaining a list of IP address ranges for each country and frequently updating the firewall rules as those ranges changed. With GeoIP Filtering, you can now filter traffic by country code directly in the rule. Link. For example, this is my rule to match US as the source for HTTP:
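As an added illustration (my own example rules, not the author's rule shown above), here is a pair of stateful rules in Suricata format that use the geoip keyword, which is what AWS Network Firewall GeoIP Filtering is built on: the pass rule admits HTTP only when the source address geolocates to the US, and the drop rule catches HTTP from everywhere else. The sids and messages are arbitrary values chosen for the example.

```suricata
# Added example, not the newsletter author's rule.
# geoip direction keywords: src, dst, both, any; country codes are ISO 3166-1 alpha-2.
# With strict rule evaluation order, pass rules are applied before drop rules, so the
# allow-list entry below is evaluated first and only non-US HTTP reaches the drop rule.

# Allow HTTP whose source address geolocates to the United States
pass http any any -> any any (msg:"Allow HTTP from US sources"; geoip:src,US; sid:1000001; rev:1;)

# Drop HTTP from any other source country (arbitrary sid chosen for this example)
drop http any any -> any any (msg:"Drop HTTP from non-US sources"; sid:1000002; rev:1;)
```

These lines go into a stateful rule group's Suricata rules string (for instance via the --rules parameter of aws network-firewall create-rule-group); a matching alert rule with the same geoip condition is a useful addition while validating the policy, since it logs what would be dropped before the drop rule is enforced.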
AWS WAF now allows you to set lower rate limit thresholds for rate-based rules, with a minimum rate limit of just 10 requests per evaluation window, down from the previous minimum of 100 requests. Rate-based rules in AWS WAF let you monitor incoming requests and control traffic that surpasses a specified rate. This is handy for detecting and addressing traffic spikes against sensitive applications and APIs, enabling faster responses to sudden increases in usage or malicious activity. Link. For example, I was able to set the rate limit to 10 requests per window:
AWS Security Hub has introduced 8 new security controls, bringing the total number of available controls to 423. Examples of the newly covered AWS services include Amazon WorkSpaces and AWS DataSync, alongside new controls for previously supported services such as AWS CodeBuild and Amazon Athena. You can find the controls list HERE. Link. For example, these are the controls available in Security Hub: