This week's TLDR, i.e. the 1-minute version (for executives):
AWS
IPv6 Service Endpoints support for AWS Network Firewall, IPv6 compatibility for AWS Secrets Manager VPC Endpoints and CloudTrail.
SES Mail Manager now supports full lifecycle logging.
Amazon ECR expands registry policy to all ECR actions.
Trending in Cloud & Cyber Security:
AWS Security Blogs & Bulletins:
General security blogs, articles, reports & trending news/advisories:
Get Phished by a Public AWS Systems Manager Automation Document by Gabriel Koo. Link.
New AWS tool recommends removal of unused permissions. IAM Access Analyzer feature by Loris D'Antoni, Chungha Sung. Link.
The many ways to obtain credentials in AWS by Scott Piper. Link.
Implement security invariants in an AWS Management Account by Chris Farris. Link.
Avoiding mistakes with AWS OIDC integration conditions by Scott Piper. Link.
Bedrock Slip: Sysdig TRT Discovers CloudTrail Logging Missteps. Link.
Deep Dive: AWS Organization Policies (Part 1). Link.
CISA Binding Operational Directive (BOD 25-01): Implementing Secure Practices for Cloud Services. Link.
Cloud Atlas seen using a new tool in its attacks by Oleg Kupreev. Link.
Earth Koshchei Coopts Red Team Tools in Complex RDP Attacks by Feike Hacquebord, Stephen Hilt. Link.
Effective Phishing Campaign Targeting European Companies and Organizations by Shachar Roitman, Ohad Benyamin Maimon, William Gamazo. Link.
CISA Mobile Communications Best Practice Guidance. Link.
BeyondTrust Remote Support SaaS Service Security Investigation. Link.
Spyware distributed through Amazon Appstore. Link.
Multiple Vulnerabilities in Sophos Firewall. Link.
Data Security Platforms: New Frontier in Cybersecurity & AI by Francis. Link.
Cyberhaven Chrome extension security incident. Link.
Critical Notice: .NET Install links are changing. Link.
DoubleClickjacking: A New Era of UI Redressing by Paulos Yibelo. Link.
This week's long version, i.e. the 3-5 minute version (for architects & engineers):
AWS launched notification actions in the AWS Console Mobile Application for iOS. The action buttons appear on the notification details screen when you receive a push notification from AWS User Notifications on your mobile device, so that you can quickly take actions such as viewing logs, or starting, stopping, or rebooting an EC2 instance directly from the event notification. Link. I didn’t have a sample alert, but here are the push notification settings in my iOS app.
AWS Network Firewall, AWS Secrets Manager and CloudTrail now support IPv6, IPv4, or dual-stack clients. This support extends to private access to each service's API endpoint from your Amazon Virtual Private Cloud (VPC) via AWS PrivateLink. For example:
SES Mail Manager now provides comprehensive logging for both ingress endpoints and rules engine actions. Customers can configure a variety of monitoring options across three standard logging destinations: CloudWatch, S3, and Firehose. Link. For example, here are my options:
Amazon Elastic Container Registry (Amazon ECR) introduces Registry Policy v2, which now enables the management of IAM permissions for all ECR API actions. This updated registry policy simplifies the process for customers to control access to ECR features within their accounts. Link. For example, my policy scope was “V2”.