This issue is Co-sponsored by Invary- Check out Invary's ability to detect hidden rootkits, a task that modern threat detection solutions fail in action » HERE. & Co-sponsored by Sonrai Security- The First Cloud Permissions Firewall!

This week TLDR i.e. 1 minute version (For executives):

1. AWS Payment Cryptography now supports card issuing use cases.

2. AWS Network Firewall now supports configurable TCP idle timeout.

3. AWS Incident Detection and Response now available in 16 additional AWS regions.

4. Enhancements for SES Mail Manager: authenticated ingress endpoint, verified customer identity & message envelope search.

5. Amazon WorkMail now supports multi-factor authentication.

6. Amazon Virtual Private Cloud launches new security group sharing features.

Trending in Cloud & Cyber Security (News, Blogs, Tweets etc):

1. AWS Security Blogs & Bulletins:

   • Unauthorized tactic spotlight: Initial access through a third-party identity provider. Link.

   • Leveraging API Gateway Lambda Authorizer for Securing your APIs with Okta FGA. Link.

2. General security blogs, articles & reports:

   • Tool: cdk-bucket-takeover-scanner scan AWS accounts for potential S3 bucket takeovers risk in environments using AWS CDK by Avishay Bar. Link.

   • Tool: Federator. Multi-Cloud Secure Federation: One-Click Terraform Templates for Cross-Cloud Connectivity. Link.

   • Threat actor abuses Gophish to deliver new PowerRAT and DCRAT byy Chetan Raghuprasad. Link.

   • A bitwise analysis of AWS access key identifiers by Pallavi Sivakumaran. Link.

   • Protect AI's October 2024 Vulnerability Report by Dan McInerney & Marcello Salvati. Link.

   • Breaking free from the chains of fate - Bypassing AWSCompromisedKeyQuarantineV2 Policy by Bleon Proko. Link.

   • How to Defend Against Alleged Snowflake Attacker ‘Judische’. Link.

   • Cryptocurrency Enthusiasts Targeted in Multi-Vector Supply Chain Attack

     by Yehuda Gelb. Link.

   • Unmasking the SYS01 Infostealer Threat: Bitdefender Labs Tracks Global Malvertising Campaign Targeting Meta Business Pages by Ionut Alexandru BALTARIU, Nicolae POSTOLACHI, Alina BÎZGĂ. Link.

   • “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack by Guardio. Link.

   • EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files. By Miguel Hernández. Link.

   • LightSpy: Implant for iOS. Link.

   • Discovering Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI by Noah Stone. Link.

   • MacOS Malware Surges as Corporate Usage Grows By Ilya Kolmanovich, Prashant Kadam, Duy-Phuc Pham, Max Kersten and Joe Malenfant. Link.

   • Voice-Enabled AI Agents: How They Can Perform Common Scams by Daniel Kang. Link.

   • Mishing in Motion: Uncovering the Evolving Functionality of FakeCall Malware by Fernando Ortega. Link.

   • Modern AWS Access: Moving from IAM Users to AWS Identity Center by Rowan Udell. Link.

3. Trending on the news & advisories:

   • SEC Charges Four Companies with Misleading Solarwind Cyber Disclosures. Link.

   • Amazon Cybersecurity Sleuths Emerge From the Shadows By Jamie Tarabay. Link.

   • Lastpass: Fake Web Store Reviews Attempting to Steal Customer Data

     by Mike Kosak. Link.

   • Okta security advisory on auth bypass for username Above 52 Characters. Link.

   • Android Security Bulletin November 2024. Link.

   • Canada Arrests Man Suspected of Hacks of Snowflake Customers. Link.

     

This week Long i.e. 3-5 minutes version (For architects & engineers):

1. AWS Payment Cryptography announced an EMV PIN change feature, cardholder-selectable PINs, and PIN reveal. The EMV PIN change feature allows issuers to create secure payloads for updating PINs stored on the EMV chip of credit or debit cards. Cardholder-selectable PINs and PIN reveal, can enable cardholders to set or retrieve their PINs through a mobile app, ensuring PCI compliance with end-to-end PIN data encryption. AWS Payment Cryptography enables you to migrate payment processing workloads to the cloud. Link. You can find the command samples HERE.

2. AWS Network Firewall has introduced a new feature that enables you to adjust the TCP idle timeout value to match your application’s specific TCP idle timeout needs. This enhancement allows AWS Network Firewall to perform continuous stateful inspection on applications with long-lived connections, such as financial systems, databases, and ERP applications. Previously, the TCP idle timeout was set to a fixed 350 seconds, which could disrupt the long-lived connections of some applications. Now, with this update, you can configure the TCP idle timeout anywhere from 60 to 6000 seconds, while the default remains at 350 seconds for compatibility with existing setups. Link. Here is the timeout option in my policy:

   

3. AWS Incident Detection and Response is now available in 16 additional AWS regions. Link. You can find all eligible regions HERE.

4. SES Mail Manager has introduced three new features. First, it now supports authenticated connections to ingress endpoints over TCP port 587 (the email submission port). Second, it enforces verified customer identity when using Mail Manager SMTP relays, and allows you to create routing rules based on MIME header content. Lastly, Mail Manager archives now support message envelope search, enabling users to distinguish between named and blind-copied recipients when searching and exporting archived messages. With support for connections over TCP port 587, ingress endpoints can now more seamlessly replace on-premises mail servers, such as Exchange or Postfix, which often use this same port. Additionally, Mail Manager’s relay function now includes a custom header to identify the specific source, and a corresponding rule action allows you to enforce this unique identifier as a delivery condition. Together, these features enhance relaying security beyond simply relying on allowlisted IP addresses. Lastly, the search and export capabilities in archiving now treat the message envelope ‘From’ and ‘To’ as distinct fields, separate from the visible ‘From’ and ‘To’ fields, which may show different values. This makes it possible to easily identify messages received via BCC. Link. Here are my configs options:

   

5. Amazon WorkMail now offers multi-factor authentication (MFA) support through integration with AWS IAM Identity Center, adding an extra layer of security to WorkMail logins and helping prevent unauthorized access. Administrators can link IAM Identity Center with Active Directory or external identity providers like Okta or Microsoft Entra ID, allowing mailbox users to sign in to the WorkMail web app using IAM Identity Center credentials. Link. For example, here’s my Workmail integration with AWS Identity Center:

   

6. AWS now simplifies security group management with new sharing features. You can associate a security group with multiple VPCs in the same account and share it across participant accounts in a shared VPC. This improves consistency and eases configuration for administrators, allowing uniform traffic control across VPCs and accounts. Previously, security groups were limited to the VPC they were created in, but now you can enforce consistent traffic rules for resources across VPCs and accounts within your organization. Link. Here’s my sharing:

   

   

   Subscribe

   Share