This issue is Co-sponsored by Invary- Check out Invary's ability to detect hidden rootkits, a task that modern threat detection solutions fail in action » HERE. & Co-sponsored by Sonrai Security- The First Cloud Permissions Firewall!
This week's TL;DR, i.e. the 1-minute version (for executives):
Amazon Inspector enhances engine for Lambda standard scanning.
AWS Serverless Application Repository now supports AWS PrivateLink.
AWS CloudTrail launches network activity events for VPC endpoints (preview).
AWS announces Security Group Referencing on AWS Transit Gateway.
Amazon Aurora MySQL now supports RDS Data API.
PostgreSQL 17.0 is now available in Amazon RDS Database preview environment.
Chatbot management policy introduced in AWS Organizations.
Amazon S3 adds Service Quotas support for S3 general purpose buckets.
AWS Announces AWS re:Post Agent, a generative AI-powered virtual assistant.
Amazon SES adds HTTPS open tracking for custom domains.
Amazon Redshift announces mTLS support for Amazon MSK.
Trending in Cloud & Cyber Security (News, Blogs, Tweets etc):
AWS Security Blogs & Bulletins:
Managing identity source transition for AWS IAM Identity Center. Link.
How to migrate 3DES keys from a FIPS to a non-FIPS AWS CloudHSM cluster. Link.
How to implement relationship-based access control with Amazon Verified Permissions and Amazon Neptune. Link.
Keep your firewall rules up-to-date with Network Firewall features. Link.
How to perform a proof of concept for automated discovery using Amazon Macie. Link.
General security blogs, articles & reports:
An attack chain for the ChatGPT macOS application: Spyware Injection Into Your ChatGPT's Long-Term Memory (SpAIware). Link.
Threat brief-Unraveling SloppyLemming’s operations across South Asia. Link.
Hacking Kia: Remotely Controlling Cars With Just a License Plate. Link.
Attacking UNIX Systems via CUPS, Part I (Remote Command Execution). Link. Related: Remote execution exploit chain in CUPS: Overview, detection, and remediation by Christophe Tafani-Dereeper and Nick Frichette. Link.
Storm-0501: Ransomware attacks expanding to hybrid cloud environments. Link.
Your AWS EC2 Has Been Hacked. What Will Happen Now? Sena Yakut. Link.
Critical Vulnerabilities Discovered in Automated Tank Gauge Systems by Pedro Umbelino. Link.
Backdooring Azure Automation Account Packages and Runtime Environments by Karl Fosaaen. Link.
Investigating Infrastructure and Tactics of Phishing-as-a-Service Platform Sniper Dz by Shehroze Farooqi, Howard Tong, Alex Starov. Link.
Securing Your Contingent Workers With Zero Trust by Kane Narraway. Link.
Tool: Cloudprefixes: a lightweight tool designed to assist in recon by handling IP prefixes published by cloud and hosting providers. Link.
Detecting Vulnerability Scanning Traffic From Underground Tools Using Machine Learning by Chris Navarrete, Qian Feng, Durgesh Sangvikar, Yanhui Jia. Link.
Why Multi-Account in AWS? by Marty Henderson. Link.
Searching AWS Transit Gateway Flow Logs with Amazon Athena. Link.
Trending on the news & advisories:
US Department of State reward offers under the Transnational Organized Crime Rewards Program of up to $10 million. Link.
NVIDIA: Security Bulletin: NVIDIA Container Toolkit - September 2024. Link.
Irish Data Protection Commission fines Meta Ireland €91 million for saving passwords in plaintext. Link.
Europol: LockBit power cut: four new arrests and financial sanctions against affiliates. Link.
This week's long version, i.e. the 3-5 minute read (for architects & engineers):
Amazon Inspector introduced an upgraded engine for its Lambda standard scanning, which offers a more thorough view of vulnerabilities in the third-party dependencies used in Lambda functions and their associated layers. Note that with this change you may observe some findings being closed as the engine re-assesses resources for improved risk evaluation, while it also identifies new vulnerabilities. Link.
AWS Serverless Application Repository now supports AWS PrivateLink, allowing you to connect to the repository through an interface VPC endpoint, i.e. you can establish a direct connection from your VPC to the Serverless Application Repository via AWS PrivateLink, eliminating the need for an internet connection. Link. For example, here’s my endpoint:
AWS introduced CloudTrail network activity events for VPC endpoints (in preview), which give you enhanced visibility into AWS API activity passing through your VPC endpoints. During the preview, network activity events for VPC endpoints are available for four AWS services: EC2, KMS, Secrets Manager & CloudTrail. These network activity events provide insight into who is accessing resources within your network. For example, as the VPC endpoint owner, you can view logs of actions blocked by VPC endpoint policies or use these events to verify the effects of policy updates. Link. For example, these are my settings in my CloudTrail:
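To show what "verifying the effects of a policy update" looks like on the log side, here is an added example (not from the newsletter or from AWS) that runs over a few constructed CloudTrail-style network activity records and pulls out the calls the VPC endpoint policy denied and the foreign principals that reached the endpoint. The field names and the error code value are my assumptions about the event shape; check them against events from your own trail before relying on the filter.

```python
from collections import Counter

# Constructed sample records in the shape of CloudTrail network activity
# events for VPC endpoints. Field names and the "VpceAccessDenied" error
# code are assumptions; verify them against events from your own trail.
SAMPLE_EVENTS = [
    {"eventCategory": "NetworkActivity", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt", "errorCode": "VpceAccessDenied",
     "vpcEndpointId": "vpce-0a1b2c3d", "recipientAccountId": "111111111111",
     "userIdentity": {"arn": "arn:aws:iam::222222222222:role/external"}},
    {"eventCategory": "NetworkActivity", "eventSource": "kms.amazonaws.com",
     "eventName": "Decrypt", "vpcEndpointId": "vpce-0a1b2c3d",
     "recipientAccountId": "111111111111",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:role/app"}},
    {"eventCategory": "NetworkActivity", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "GetSecretValue", "errorCode": "VpceAccessDenied",
     "vpcEndpointId": "vpce-0a1b2c3d", "recipientAccountId": "111111111111",
     "userIdentity": {"arn": "arn:aws:iam::222222222222:role/external"}},
    # A management event with a plain IAM denial: must not be counted here.
    {"eventCategory": "Management", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "errorCode": "AccessDenied",
     "recipientAccountId": "111111111111",
     "userIdentity": {"arn": "arn:aws:iam::111111111111:user/dev"}},
]


def blocked_by_endpoint_policy(event):
    """True when a network activity event records a call the endpoint policy denied."""
    return (event.get("eventCategory") == "NetworkActivity"
            and event.get("errorCode") == "VpceAccessDenied")


def summarize_blocks(events):
    """Count denied calls per (endpoint, service, API) to see what a policy change did."""
    return Counter((e["vpcEndpointId"], e["eventSource"], e["eventName"])
                   for e in events if blocked_by_endpoint_policy(e))


def foreign_principals(events, owner_account):
    """Principals from accounts other than the endpoint owner, denied or not."""
    found = set()
    for e in events:
        if e.get("eventCategory") != "NetworkActivity":
            continue
        arn = e.get("userIdentity", {}).get("arn", "")
        if arn and arn.split(":")[4] != owner_account:  # account id is field 5 of an ARN
            found.add(arn)
    return found


if __name__ == "__main__":
    for key, n in summarize_blocks(SAMPLE_EVENTS).items():
        print(n, *key)
    print(foreign_principals(SAMPLE_EVENTS, "111111111111"))
```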
AWS announced the general availability of Security Group Referencing across VPCs connected via AWS Transit Gateway (TGW). This feature simplifies Security Group management and enhances the security posture of TGW-based networks.
Previously, it was not possible to use Security Group references to control traffic between VPCs connected through TGW. This capability eliminates the need to reconfigure security rules when applications scale or IP addresses change. Additionally, rules with Security Group references scale better, since a single rule can cover thousands of instances, helping you avoid hitting Security Group or ENI limits. Link. For example, this is my configuration for the transit gateway with the feature enabled:
Amazon Aurora MySQL-Compatible Edition now offers a redesigned RDS Data API for both Aurora Serverless v2 and provisioned database instances, allowing you to securely access Aurora clusters via an HTTP endpoint and execute SQL statements without needing database drivers or managing connections. Link. Here’s my config for a new Aurora RDS & sample CLI command:
Amazon RDS for PostgreSQL 17.0 is now available in the Amazon RDS Database Preview Environment, enabling you to test the pre-release version of PostgreSQL 17 on Amazon RDS. Link. Here are the options in my preview mode:
AWS has announced the general availability of AWS Organizations integration with AWS Chatbot. You can now centrally manage account access through Slack and Microsoft Teams using AWS Organizations. Also, a new chatbot management policy type has been introduced in AWS Organizations, enabling control over account access from chat channels. Additionally, Service Control Policies (SCPs) allow you to enforce global permission boundaries on CLI commands initiated from chat channels. Link. Here’s a sample chatbot policy that blocks all three available clients:
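As an added illustration (not the author's screenshot and not taken from AWS documentation), this is what a chatbot management policy that disables all three chat clients for the accounts it is attached to would look like; the key names follow the AWS Organizations chatbot policy syntax as I recall it, so verify them against the current AWS Organizations documentation before applying.

```json
{
  "chatbot": {
    "platforms": {
      "slack": {
        "client": { "@@assign": "disabled" }
      },
      "microsoft_teams": {
        "client": { "@@assign": "disabled" }
      },
      "chime": {
        "client": { "@@assign": "disabled" }
      }
    }
  }
}
```

Attach it at the root or at an OU to deny chat-channel access broadly, then allow a single platform on a narrower OU where a team actually needs it.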
You can now manage your Amazon S3 general-purpose bucket quotas through Service Quotas. This feature allows you to view the total number of buckets in your AWS account, compare it to your current bucket quota, and request an increase, if needed. Link. Here’s my quota sample:
AWS re:Post has introduced “re:Post Agent”, a generative AI-powered assistant designed to improve interactions by delivering intelligent, near real-time responses on the platform. re:Post Agent offers the initial response to questions within the re:Post community. Link. I tried a question and, interestingly, the answer was not provided by the re:Post Agent because of the security policy:
Amazon Simple Email Service (SES) now supports HTTPS for tracking open and click events when using custom domains. This enhancement helps meet security compliance standards and reduces the likelihood of email delivery problems with mailbox providers that reject non-secure links. The feature allows you to configure HTTPS as either mandatory for both open and click tracking or optional, depending on the protocol used in the links within your emails. Link. Here’s my policy in the configuration:
Amazon Redshift is expanding its authentication options to include mutual Transport Layer Security (mTLS) between Amazon Redshift provisioned clusters or serverless workgroups and Amazon Managed Streaming for Apache Kafka (MSK) clusters or serverless setups. Link. (Note: I wasn’t able to try this hands-on due to time constraints, but you can try it using the steps in THIS document.)