This issue is co-sponsored by Invary: check out Invary's ability to detect hidden rootkits, a task that modern threat detection solutions fail, in action HERE. Also co-sponsored by Sonrai Security: the first Cloud Permissions Firewall!
This week TLDR i.e. 1 minute version (For executives):
AWS publishes new service reference information for policy management workflows.
Amazon CloudFront launches support for JA4 fingerprinting.
AWS announced general availability of Console to Code to generate code.
AWS now supports WhatsApp in AWS End User Messaging Social.
AWS Identity Center (IdC, previously known as SSO) now displays a QR code for AWS Console Mobile Application Sign-In.
Trending in Cloud & Cyber Security (News, Blogs, Tweets etc):
AWS Security Blogs & Bulletins:
General security blogs, articles & reports:
Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against UAE and Gulf Regions by Mohamed Fahmy, Bahaa Yamany, Ahmed Kamal, Nick Dai. Link.
Unit 42: Contagious Interview: DPRK Threat Actors Lure Tech Industry Job Seekers to Install New Variants of BeaverTail and InvisibleFerret Malware. Link.
Proof of concept: Palo Alto Expedition: From N-Day to Full Compromise by Zach Hanley. Link.
Perfecting Ransomware on AWS — Using keys to the kingdom to change the locks by Harsh Varagiya. Link.
Challenges with IP spoofing in cloud environments by Emile-Hugo Spir. Link.
AWS Account Vending by Scott Piper. Link.
Password Managers for Small & Midsize Businesses by Zack Glick. Link.
Microsoft: File hosting services misused for identity phishing. Link.
Drasi: Microsoft’s newest open-source project simplifies change detection and reaction in complex systems. Link.
OpenAI: Threat actors using OpenAI for cyber operations. PDF Link.
Trending on the news & advisories:
This week Long i.e. 3-5 minutes version (For architects & engineers):
AWS now provides service reference information to simplify the automation of policy management workflows, allowing you to retrieve the available actions across AWS services from machine-readable files. Note: You can find the complete reference information list HERE. For example, for the IAM service (LINK) it was:
Amazon CloudFront now supports JA4 fingerprinting for incoming requests, allowing you to permit trusted clients or block malicious ones. The JA4 fingerprint is transmitted through the CloudFront-Viewer-JA4-Fingerprint header. You can analyze these fingerprints with custom logic on your web servers or by using CloudFront Functions or Lambda@Edge. For example, here’s my policy:
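As an added example (not from this newsletter or from AWS), here is one way a CloudFront Functions viewer-request handler could act on the JA4 header: it parses the fingerprint into its fields, refuses exact or cipher-hash matches from a denylist, and tags everything else for origin-side logging. It assumes the cloudfront-js-2.0 runtime and that the header is enabled for the distribution; the denylist values and the `x-ja4-verdict` header name are constructed placeholders.

```javascript
// Added example for the CloudFront Functions viewer-request event (cloudfront-js-2.0).
// Every fingerprint value below is a constructed placeholder, not a real indicator.
const BLOCKED_JA4 = ['t13d1516h2_aaaaaaaaaaaa_bbbbbbbbbbbb']; // exact-match denylist
const BLOCKED_CIPHER_HASH = ['cccccccccccc'];                  // match on JA4_b alone
const HEADER = 'cloudfront-viewer-ja4-fingerprint';            // header keys arrive lowercased

// JA4 layout: a_b_c. Part a packs protocol, TLS version, SNI flag, cipher count,
// extension count and ALPN tag; b and c are 12-hex-char truncated hashes.
const JA4_RE = /^([a-z])([0-9a-z]{2})([di])(\d{2})(\d{2})([0-9a-z]{2})_([0-9a-f]{12})_([0-9a-f]{12})$/;

function parseJa4(value) {
  const m = JA4_RE.exec(value || '');
  if (!m) return null;
  return { protocol: m[1], tlsVersion: m[2], sni: m[3], cipherCount: Number(m[4]),
           extensionCount: Number(m[5]), alpn: m[6], cipherHash: m[7], extensionHash: m[8] };
}

// Returns a short verdict string; anything starting with "block" is refused.
function classify(value) {
  if (!value) return 'missing';            // header not present on this request
  const fp = parseJa4(value);
  if (!fp) return 'unparsed';              // tagged, not blocked: a policy choice
  if (BLOCKED_JA4.indexOf(value) !== -1) return 'block-exact';
  if (BLOCKED_CIPHER_HASH.indexOf(fp.cipherHash) !== -1) return 'block-cipher-hash';
  return 'ok';
}

function handler(event) {
  const request = event.request;
  const header = request.headers[HEADER];
  const verdict = classify(header ? header.value : '');
  if (verdict.indexOf('block') === 0) {
    return { statusCode: 403, statusDescription: 'Forbidden' };
  }
  // Overwrite any client-supplied copy so the origin logs the function's verdict.
  request.headers['x-ja4-verdict'] = { value: verdict };
  return request;
}
```

Matching on the cipher hash alone catches a client that keeps its cipher list but varies extensions or ALPN, at the cost of more false positives than an exact match.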
AWS announces the general availability of Console to Code, powered by Amazon Q Developer. With a few clicks, you can generate code for the console actions in the preferred format (e.g. YAML, JSON, SDK etc.). Link. Note: I generated a Python SDK which worked fine but the downloaded .py file had incomplete text. I will report this to the AWS team.
AWS Identity Center (IdC, previously known as SSO) now displays a QR code for the AWS Console Mobile Application Sign-In option. For example, this is my IdC app:
AWS introduces End User Messaging Social, allowing you to connect to end users via WhatsApp, with interactive capabilities. It also integrates with End User Messaging SMS and Push notifications. (Note: I wasn’t able to add the phone number & will reach out to AWS. I was able to connect AWS to WhatsApp business).