This issue is co-sponsored by Invary: check out Invary's ability to detect hidden rootkits, a task that modern threat detection solutions fail, in action HERE. It is also co-sponsored by Sonrai Security: The First Cloud Permissions Firewall!
This week TLDR i.e. 1 minute version (For executives):
Amazon EKS endpoints now support connectivity over IPv6.
AWS CloudShell now supports Amazon Q CLI.
Amazon QuickSight now supports programmatic export, import of shared folders & triggering scheduled reports via API.
Trending in Cloud & Cyber Security (News, Blogs, Tweets etc):
AWS Security Blogs & Bulletins:
Bulletin: CVE-2024-10125 - missing JWT issuer and signer validation in aws-alb-identity-aspnetcore. Link.
Bulletin: CVE-2024-8901 - missing JWT issuer and signer validation in aws-alb-route-directive-adapter-for-istio. Link.
An unexpected discovery: Automated reasoning often makes systems more efficient and easier to maintain. Link.
Options for AWS customers who use Entrust-issued certificates. Link.
How to build a Security Guardians program to distribute security ownership. Link.
How to use interface VPC endpoints to meet your security objectives. Link.
General security blogs, articles & reports:
Sunshine Through Stormy Clouds: Bringing AWS Security to Mergers and Acquisitions by Almahdi Sahad. Link.
Protecting Data and Preventing Ransomware: The IAM Guide to Managing and Updating Encryption for AWS Resources by Jason Kao. Link.
Dispelling public cloud security myths. Link.
Breaching the Data Perimeter: CloudTrail as a mechanism for Data Exfiltration. Link.
Silent Threat: Red Team Tool EDRSilencer Disrupting Endpoint Security Solutions by Jacob Santos, Cj Arsley Mateo, Sarah Pearl Camiling. Link.
Interesting read: Digital Yard Signs: Analysis of an AI Bot Political Influence Campaign on X by Darren Linvill and Patrick Warren. Link.
Fraudulent North Korean IT Worker Schemes: From Insider Threats to Extortion by Counter Threat Unit Research Team. Link.
Amazon helps the US Department of Justice thwart international cybercriminal group Anonymous Sudan. Link.
Mandiant: How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends. Link.
Interesting one: BSides Exeter - Ross Bevington's Turning The Tables: Using Cyber Deception To Hunt Phishers At Scale. Link.
The State of Cloud Security 2024 by Datadog. Link.
How S3 Object Lock affects the AWS Config, AWS CloudTrail and AWS Control Tower. Link.
ConfusedPilot: UT Austin & Symmetry Systems Uncover Novel Attack on RAG-based AI Systems. Link.
Turning AWS Documentation into Gold: AI-Assisted Security Research by Jonathan Walker. Link.
Trending on the news & advisories:
Cisco Event Response: Reports of Security Incident. Link.
New macOS vulnerability, “HM Surf”, could lead to unauthorized data access. Link.
Microsoft said it lost weeks of security logs for its customers’ cloud products. Link.
CISA advisory: Iranian Cyber Actors’ Brute Force & Credential Access Compromises. Link.
DDoS suspects: Anonymous Sudan indicted. Link.
Alabama Man Arrested for Role in Securities and Exchange Commission X Account Hack. Link.
Cyera acquires Trail Security for $162M; Cyera is now raising at a $3B valuation. Link.
Sophos to Acquire Secureworks. Link.
This week Long i.e. 3-5 minutes version (For architects & engineers):
Amazon EKS now offers dual stack support for both the EKS management API endpoint and the Kubernetes API server endpoint in IPv6 EKS clusters. Dual stack support is also available for private access to the EKS management API endpoint from your Amazon VPC via AWS PrivateLink. These dual stack endpoints are provided under a new AWS DNS domain name, while the existing EKS management API endpoints remain available for backward compatibility. Link. This is well explained in THIS blog. For example this is my EKS cluster with IPv6:
AWS announced integration of Amazon Q CLI into CloudShell, enabling the use of natural language to generate AWS commands and offering personalized command suggestions, minimizing the need to search through documentation. Link. For example, here’s my test prompt:
Amazon QuickSight now supports programmatic export and import of shared folders (Link) and triggering scheduled reports via API (Link). The export/import APIs are StartAssetBundleExportJob and StartAssetBundleImportJob. This update allows you to back up, restore, replicate, and migrate QuickSight folders along with their member assets and subfolders. Previously, folder deployment had to be managed separately. Additionally, the StartDashboardSnapshotJobSchedule API runs the report according to the configured schedule settings, including export formats (PDF, CSV, Excel, etc.) and email details (subject line, body text, and attachments). You can find the full CLI reference for QuickSight HERE.