This issue is Sponsored by Invary- Check out Invary's ability to detect hidden rootkits, a task that modern threat detection solutions fail in action » HERE.

This week TLDR i.e. 1 minute version (For executives):

1. AWS Config now supports a service-linked recorder.

Trending in Cloud & Cyber Security:

1. AWS Security Blogs & Bulletins:

   • An enhanced version of the AWS Secrets Manager transform. Link.

   • Securely share AWS resources across VPC and account boundaries with PrivateLink, VPC Lattice, EventBridge, and Step Functions by Jeff Barr. Link.

   • AWS Network Firewall Geographic IP Filtering launch. Link.

   • AWS post-quantum cryptography migration plan. Link.

   • 5 tech predictions for 2025 and beyond, according to Amazon CTO Dr. Werner Vogels. Link.

   • Model produces pseudocode for security controls in seconds by Mina Ghashami, Ali Torkamani. Link.

2. General security blogs, articles & reports:

   • How Attackers(Rizzlers) Can Exploit AWS Trust Policies to Hide Behind Third-Party Roles by Or Aspir. Link.

   • Breaking WAF Technical Analysis. Link.

   • Shattering the Rotation Illusion: Part 1 - Code Hosting & Version Control Platforms. Link.

   • Machine Learning Bug Bonanza – Exploiting ML Clients and “Safe” Model Formats by Shachar Menashe, Or Peles, Ori Hollander, Uriya Yavnieli. Link.

   • Meeten Malware: A Cross-Platform Threat to Crypto Wallets on macOS and Windows by Tara Gould. Link.

   • (QR) Coding My Way Out of Here: C2 in Browser Isolation Environments by Thibault Van Geluwe de Berlaere. Link.

   • Caught in the Net: Unmasking Advanced Phishing Tactics by Tom Barnea. Link.

   • Agentic AI's Intersection with Cybersecurity by Chris Hughes. Link.

3. Trending on the news & advisories:

   • CISA: Enhanced Visibility and Hardening Guidance for Communications Infrastructure. Link.

   • Snowblind: The Invisible Hand of Secret Blizzard. Link.

   • Timeline- U.S. Organization in China Targeted by Attackers. Link.

   • MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks by: Joseph C Chen, Daniel Lunghi. Link.

This week Long i.e. 3-5 minutes version (For architects & engineers):

1. AWS Config now supports a service-linked recorder, a new type of recorder managed by an AWS service that captures configuration data for service-specific resources, for example, Amazon CloudWatch telemetry configurations audit. With this feature, you can record telemetry configurations for AWS services like VPC Flow Logs, EC2 Detailed Metrics, Lambda Traces etc. Link.

   

   

   Subscribe

   Share