This issue is Co-sponsored by Invary- Check out Invary's ability to detect hidden rootkits, a task that modern threat detection solutions fail in action » HERE. & Co-sponsored by Sonrai Security- The First Cloud Permissions Firewall!
This week TLDR i.e. 1 minute version (For executives):
AWS Security Hub launches 7 new security controls.
Amazon CloudFront no longer charges for requests blocked by AWS WAF.
Amazon Verified Permissions launches new API to get multiple policies.
AWS IAM now supports PrivateLink in the AWS GovCloud (US) Regions.
AWS IAM Identity Center now supports search by permission set name.
AWS announces availability of Microsoft Windows Server 2025 images on Amazon EC2.
Amazon QuickSight now supports Client Credentials OAuth for Snowflake & Starburst through API/CLI.
AWS Lambda announces JSON logging support for .NET managed runtime.
Configure Route53 CIDR blocks rules based on Internet Monitor suggestions.
AWS CloudTrail Lake announces enhanced event filtering.
AWS Lambda supports Customer Managed Key (CMK) encryption for Zip function code artifacts.
Trending in Cloud & Cyber Security (News, Blogs, Tweets etc):
AWS Security Blogs & Bulletins:
Bulletin: Issue with data.all (Multiple CVEs). Link.
Maximize your cloud security experience at AWS re:Invent 2024: A comprehensive guide to security sessions. Link.
Amazon Inspector suppression rules best practices for AWS Organizations. Link.
Implement effective data authorization mechanisms to secure your data used in generative AI applications. Link.
Introducing the last cohort of AWS Heroes this year – November 2024. Link.
General security blogs, articles & reports:
Mandatory MFA is coming to Google Cloud. Link.
INTERPOL cyber operation takes down 22,000 malicious IP addresses. Link.
Closing the Cloud Gap: CDR vs. Traditional Security in the Fight for Resilience. Link.
BlueNoroff Hidden Risk: Threat Actor Targets Macs with Fake Crypto News and Novel Persistence by Raffaele Sabato, Phil Stokes & Tom Hegel. Link.
Androxgh0st Botnet: Unraveling The Latest Exploitation Wave. Link.
Veeam Backup & Response: RCE With Auth, But Mostly Without Auth (CVE-2024-40711) by Sina Kheirkhah. Link.
Evasive ZIP Concatenation: Trojan Targets Windows Users by Arthur Vaiselbuh & Peleg Cabra. Link.
Ymir: new stealthy ransomware in the wild by Cristian Souza, Ashley Muñoz & Eduardo Ovalle. Link.
Effective techniques for AWS Ransomware by Chris Farris. Link.
Unmasking Phishing: Strategies for identifying 0ktapus domains and beyond by Amitai Cohen, Shahar Dorfman. Link.
Trending on the news & advisories:
CISA FBI NSA: 2023 Top Routinely Exploited Vulnerabilities. Link.
Police Freak Out at iPhones Mysteriously Rebooting Themselves, Locking Cops Out by Joseph Cox. Link.
Snyk Acquires Developer-First DAST Provider Probely. Link.
CrowdStrike to Acquire Adaptive Shield to Deliver Integrated SaaS Security Posture Management. Link.
Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale. Link.
Government of Canada orders the wind up of TikTok Technology Canada, Inc. following a national security review under the Investment Canada Act. Link.
HPE Aruba security advisory. Link.
CISCO security advisory. Link.
Palo Alto Networks. Important Informational Bulletin: Ensure Access to Management Interface is Secured. Link.
Signal: Private Calls feature. Link.
This week Long i.e. 3-5 minutes version (For architects & engineers):
AWS Security Hub has released 7 new security controls, increasing the total number of controls offered to 437. Link.
Starting October 25, 2024, all requests blocked by AWS WAF on Amazon CloudFront will be free of charge. This means you won’t be billed for request or data transfer fees for any requests that AWS WAF blocks. No changes to applications are required, and this update automatically applies to all CloudFront distributions using AWS WAF. Link.
Amazon Verified Permissions has introduced a new API, batchGetPolicies, allowing you to retrieve multiple policies with a single API call. This is especially useful for populating a list of policies that apply to a specific principal or resource. Link. Here’s my API example:
AWS IAM now offers support for AWS PrivateLink in the AWS GovCloud (US) Regions, allowing you to establish a private connection between your Virtual Private Cloud (VPC) and IAM, reducing reliance on public internet connectivity. Link. For example:
(Finally!!) AWS IAM Identity Center (SSO) now supports permission set search, allowing you to filter permission sets by their names (i.e. using any substring search). Link. Here’s my search hit:
Amazon EC2 now offers Microsoft Windows Server 2025 with License Included (LI) Amazon Machine Images (AMIs). Link. For example, here’s my option:
Amazon QuickSight now supports Client Credentials flow-based OAuth via API/CLI for connecting to Snowflake & Starburst data sources. Link1 and Link2. For more information, check THIS.
AWS Lambda now supports native capture of application logs in a JSON structured format for Lambda functions running on the .NET managed runtime. The JSON format organizes logs as key-value pairs, making it easier to search, filter, and analyze large volumes of logs. This enhancement helps you efficiently troubleshoot issues and gain insights into the performance of your Lambda functions. Link. It is well explained in THIS blog. For example, here’s my logging configuration:
Amazon CloudWatch Internet Monitor's new traffic optimization suggestions feature allows you to configure your Amazon Route 53 CIDR blocks to direct your application's client users to the most optimal AWS Region based on network performance. Link. Here’s my optimization page overview which had suggested updates for top Regions, top locations and Route 53 routing:
AWS has improved event filtering capabilities in AWS CloudTrail Lake, and you can now filter both management and data events by the following new attributes:
eventSource: the AWS service that received the request
eventType: the type of event that generated the record
userIdentity.arn: the IAM entity that made the request
sessionCredentialFromConsole: indicates whether the event originated from an AWS Management Console session
Link. For example, this filter:
AWS Lambda now allows you to encrypt Lambda function ZIP code artifacts using customer-managed keys, rather than the default AWS-owned keys. Link. For example, this is my option for the zip I upload:
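To show what the new CloudTrail Lake attributes (eventSource, eventType, userIdentity.arn, sessionCredentialFromConsole) buy a defender, here is an added example, not code from AWS or from this newsletter: a simplified offline evaluator that applies an advanced event selector in CloudTrail's own JSON shape to a few constructed CloudTrail-style records and reports which ones the event data store would ingest. The account id, ARNs and records are made up, and the evaluator only implements the Equals/StartsWith operators and their negations.

```python
# Simplified offline evaluator of a CloudTrail Lake advanced event selector (written
# for this example, not AWS's code). SAMPLE_EVENTS are constructed, not real records;
# the selector shows how the four new fields decide which events are ingested.
SAMPLE_EVENTS = [
    {"eventName": "CreateUser", "eventSource": "iam.amazonaws.com",
     "eventType": "AwsApiCall", "sessionCredentialFromConsole": "true",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
    {"eventName": "AttachRolePolicy", "eventSource": "iam.amazonaws.com",
     "eventType": "AwsApiCall",  # no console flag: call was programmatic
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/ci-deploy"}},
    {"eventName": "GetObject", "eventSource": "s3.amazonaws.com",
     "eventType": "AwsApiCall", "sessionCredentialFromConsole": "true",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/alice"}},
]

# Selector in the shape CloudTrail accepts: IAM API calls made from a human
# console session, excluding anything done through an assumed role.
CONSOLE_IAM_SELECTOR = {"Name": "Console-driven IAM changes", "FieldSelectors": [
    {"Field": "eventCategory", "Equals": ["Management"]},
    {"Field": "eventSource", "Equals": ["iam.amazonaws.com"]},
    {"Field": "eventType", "Equals": ["AwsApiCall"]},
    {"Field": "sessionCredentialFromConsole", "Equals": ["true"]},
    {"Field": "userIdentity.arn", "NotStartsWith": ["arn:aws:iam::111122223333:role/"]},
]}

_OPS = {"Equals": lambda v, p: v == p, "StartsWith": lambda v, p: v.startswith(p)}
def _field_value(event, field):
    if field == "eventCategory":
        return "Management"  # the sample data holds management events only
    value = event  # walk dotted paths such as userIdentity.arn
    for part in field.split("."):
        value = value.get(part, "") if isinstance(value, dict) else ""
    return value if isinstance(value, str) else ""  # absent field reads as ""

def _field_selector_holds(event, fs):
    value = _field_value(event, fs["Field"])
    for op, match in _OPS.items():
        if op in fs and not any(match(value, p) for p in fs[op]):
            return False  # positive operator: must match at least one value
        if "Not" + op in fs and any(match(value, p) for p in fs["Not" + op]):
            return False  # negated operator: must match none of the values
    return True

def select_events(events, selector):
    # Events the selector would ingest: every FieldSelector must hold
    return [e for e in events
            if all(_field_selector_holds(e, fs) for fs in selector["FieldSelectors"])]

def matching_event_names(events=SAMPLE_EVENTS, selector=CONSOLE_IAM_SELECTOR):
    return [e["eventName"] for e in select_events(events, selector)]
```

Only the console-driven CreateUser record survives the selector; the CI role's AttachRolePolicy is dropped by the missing console flag and the userIdentity.arn exclusion, and the S3 call by eventSource.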