This issue is co-sponsored by Invary: check out Invary's ability to detect hidden rootkits, a task that modern threat detection solutions fail at, in action HERE. It is also co-sponsored by Sonrai Security: the first Cloud Permissions Firewall!
This week's TLDR, i.e. the 1-minute version (for executives):
AWS Security Hub launches 7 new security controls.
Printer redirection and user selected regional settings now available on Amazon AppStream 2.0 multi-session fleets.
Amazon Q Business is now HIPAA eligible.
Amazon WorkSpaces now supports file transfer between WorkSpaces sessions and local devices.
Amazon Route 53 Resolver endpoints now support DNS-over-HTTPS (DoH) with Server Name Indication (SNI) validation.
Trending in Cloud & Cyber Security (News, Blogs, Tweets etc):
AWS Security Blogs & Bulletins:
Bulletin: Issue with NVIDIA Container Toolkit (CVE-2024-0132, CVE-2024-0133). Link.
Improve security incident response times by using AWS Service Catalog to decentralize security notifications. Link.
Enhancing data privacy with layered authorization for Amazon Bedrock Agents. Link.
Customer compliance and security during the post-quantum cryptographic migration. Link.
Zelkova: Projective model counting for IP addresses in access control policies. PDF Link.
General security blogs, articles & reports:
Can you run an AWS command from Slack, without any AWS credentials? by CloudSecurityPro. Link.
When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying by Ian Ahl. Link.
My Methodology to AWS Detection Engineering (Part 3 - Variable Scoring) by Chester Le Bron. Link.
Cloud native incident response in AWS - Part II by invictus-ir. Link.
SHROUDED#SLEEP: A Deep Dive into North Korea’s Ongoing Campaign Against Southeast Asia By Den Iuzvyk, Tim Peck. Link.
perfctl: A Stealthy Malware Targeting Millions of Linux Servers by Assaf Morag and Idan Revivo. Link.
Cloud Logging Tips and Tricks by Alice Klimovitsky. Link.
How to Transition AWS WAF from COUNT Mode to BLOCK Mode by nishikawaakira. Link.
Private Self-Hosted OIDC AWS Authentication by Piotr Pabis. Link.
Browser Extension: Granted now mitigates device auth phishing in AWS IAM Identity Center by Chris Norman. Link.
Orca- 2024 State of AI Security Report. PDF Link.
Trending on the news & advisories:
Security Brief: Royal Mail Lures Deliver Open Source Prince Ransomware. Link.
How Cloudflare auto-mitigated world record 3.8 Tbps DDoS attack. Link.
Winamp open sourced. Link.
Interpol: Arrests targeting cybercriminals in West Africa. Link.
Government Wiretaps in U.S. Internet Providers Infiltrated by Chinese Hackers by Matt Johansen. Link.
Indiana Man Pleads Guilty to Cyber Intrusion & $37 Million Cryptocurrency Theft. Link.
ADT security breach: filing. Link.
Hacker attack disrupts Russian state media on Putin's birthday. Link.
This week's long version, i.e. the 3-5 minute version (for architects & engineers):
AWS Security Hub has introduced 7 additional security controls, bringing the total number of controls to 430. The new controls extend support to additional resource types, including S3 Multi-Region Access Points, Amazon MSK Connect (Apache Kafka) and GuardDuty EKS Runtime Monitoring. Link. I was able to observe all new controls in my Security Hub console:
Amazon AppStream 2.0 has added support for local printer redirection and user-selected regional settings to multi-session fleets. Previously available only on single-session fleets, these features are now extended to multi-session environments. Link. (Note: This doesn’t require a printer driver installation on the AppStream instance). For example, here’s my config:
Amazon Q Business is now HIPAA (Health Insurance Portability and Accountability Act) compliant. Link.
Amazon WorkSpaces has introduced the ability to transfer files between a WorkSpaces Personal session and a local computer, enabling users to manage and share files more efficiently. This feature is available on personal WorkSpaces using the DCV streaming protocol through the Windows and Linux client applications or web access. Link. (Note: by default, Amazon WorkSpaces disables the file transfer function.)
Amazon Route 53 Resolver endpoints for DNS-over-HTTPS (DoH) now support Server Name Indication (SNI), allowing you to specify a target server hostname for DNS queries forwarded from your outbound endpoints to DoH servers that require SNI for TLS validation. With DoH on Route 53 Resolver endpoints, the DNS queries passing through the endpoints are encrypted, reducing the visibility of the exchanged information on the path to the upstream resolver. This update lets you configure the hostname in your outbound endpoint's forwarding-rule targets so the TLS handshake to the DoH server succeeds. Link. For example, here's my Route 53 Resolver endpoint SNI config:
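To make the forwarding-rule shape concrete, here is an added example (my own code, not from the newsletter or from AWS) that builds the TargetIps entries for a Route 53 Resolver FORWARD rule with DoH and SNI, and audits a rule for targets that still forward in the clear or lack an SNI hostname. It assumes the boto3 route53resolver create_resolver_rule() kwargs shape with a ServerNameIndication key on each target, as I understand the API after this launch; the domain, IPs and endpoint ID are constructed placeholders.

```python
"""Build and audit Route 53 Resolver forwarding-rule targets for DoH with SNI.

Added example, not code from the newsletter. The dict shape mirrors what
boto3's route53resolver.create_resolver_rule() accepts as I understand it
(ServerNameIndication on each TargetIps entry); all values are constructed.
"""
from __future__ import annotations

# Port each Resolver target protocol is expected to use.
DEFAULT_PORT = {"Do53": 53, "DoH": 443, "DoH-FIPS": 443}


def doh_target(ip: str, sni: str | None, protocol: str = "DoH") -> dict:
    """One TargetIps entry. SNI is only meaningful for the DoH protocols."""
    if protocol not in DEFAULT_PORT:
        raise ValueError(f"unknown protocol {protocol!r}")
    if sni is not None and protocol == "Do53":
        raise ValueError("ServerNameIndication needs DoH or DoH-FIPS, not Do53")
    target = {"Ip": ip, "Port": DEFAULT_PORT[protocol], "Protocol": protocol}
    if sni:
        target["ServerNameIndication"] = sni  # hostname used in the TLS handshake
    return target


def forward_rule(domain: str, endpoint_id: str, targets: list[dict]) -> dict:
    """Kwargs for create_resolver_rule(): forward `domain` via an outbound endpoint."""
    return {
        "CreatorRequestId": f"fwd-{domain}",
        "RuleType": "FORWARD",
        "DomainName": domain,
        "ResolverEndpointId": endpoint_id,
        "TargetIps": targets,
    }


def audit_rule(rule: dict) -> list[str]:
    """Defender-side check: flag targets that forward queries unencrypted or
    use DoH without an SNI hostname (so the upstream TLS cert can't be matched)."""
    findings = []
    for t in rule["TargetIps"]:
        if t["Protocol"] == "Do53":
            findings.append(f"{t['Ip']}: unencrypted Do53 forwarding")
        elif "ServerNameIndication" not in t:
            findings.append(f"{t['Ip']}: DoH target without SNI hostname")
    return findings


if __name__ == "__main__":
    ep = "rslvr-out-PLACEHOLDER"  # constructed outbound endpoint ID
    weak = forward_rule("corp.example", ep, [doh_target("192.0.2.10", None, "Do53"),
                                             doh_target("192.0.2.11", None)])
    hardened = forward_rule("corp.example", ep, [doh_target("192.0.2.11", "doh.corp.example")])
    print(audit_rule(weak))      # two findings
    print(audit_rule(hardened))  # []
```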