This week's TL;DR, i.e. the 1-minute version (for executives):
AWS IAM announces support for encrypted SAML assertions.
AWS Verified Access launches Zero Trust access to resources over non-HTTP(S) protocols.
Amazon GuardDuty Malware Protection for S3 announces price reduction.
AWS IAM Identity Center now offers improved error messages and AWS CloudTrail logging for provisioning issues.
AWS WAF Console adds new top insights visualizations in additional regions.
AWS Secrets and Configuration Provider now integrates with Pod Identity for Amazon EKS.
Trending in Cloud & Cyber Security:
AWS Security Blogs & Bulletins:
Implementing least privilege access for Amazon Bedrock. Link.
Enhancing telecom security with AWS. Link.
Announcing ASCP integration with Pod Identity: Enhanced security for secrets management in Amazon EKS. Link.
How AWS Network Firewall session state replication maximizes high availability for your application traffic. Link.
General security blogs, articles, reports & trending news/advisories:
Tool: STS SAML Driver: a SAML authentication handler for AWS STS that lets you obtain temporary credentials for the AWS CLI via SAML. Link.
GitHub: AWS Resource control policy examples. Link.
AWS IAM User Enumeration by Nate Wilson. Link.
How Adversaries Exploit Unmonitored Cloud Regions to Evade Detection by Permiso Team. Link.
The Complete Guide to Cloud-Native Ransomware Protection in Amazon S3 and KMS by Jason Kao. Link.
Take my money: OCR crypto stealers in Google Play and App Store. Link.
Bitcoin to the moon: Trump endorsing, scammers exploiting. Link.
Persistent Threats from the Kimsuky Group Using RDP Wrapper. Link.
Wiz: The State of AI in the Cloud 2025. Link.
Brave Browser: Using custom scriptlets to make the Web work the way you want. Link.
20 AWS influencers to follow right now by Danny Aspinall. Link.
Apple patch for “extremely sophisticated attack”. Link.
Securing the Identity Attack Surface: A Deep Dive into the New Battlefield of Identity Security by Francis. Link.
Drata Acquires SafeBase. Link.
This week's long read, i.e. the 3-5 minute version (for architects & engineers):
AWS IAM now supports encrypted SAML assertions, enhancing security for federated single sign-on (SSO). SAML, a widely used open standard, allows identity providers (IdPs) to authenticate users and applications for AWS access. With this update, you can configure your IdP to encrypt SAML assertions before they are sent to IAM, protecting them against exposure when they pass through intermediaries such as web browsers. Link. For example, here's the option for my identity provider.
AWS Verified Access now supports secure access to resources over protocols such as TCP, SSH, and RDP. This update enables VPN-less access to corporate applications and resources by applying AWS zero trust principles. It simplifies security operations by eliminating the need for separate access and connectivity solutions for non-HTTP(S) resources on AWS. Link. For example, here is a connection for RDS.
Amazon GuardDuty Malware Protection for S3 is reducing the price of the data-scanned dimension by 85%, lowering the cost in US East (N. Virginia) from $0.60 to $0.09 per GB. The pricing for objects evaluated remains unchanged. Link. You can find pricing details HERE.
AWS IAM Identity Center now offers enhanced error messages to simplify troubleshooting during user and group synchronization via SCIM or configurable AD sync. This is helpful for automated monitoring and auditing of errors. Link. I don't have a sync app, but you can find CloudTrail log examples HERE.
AWS WAF’s console dashboard in the AWS GovCloud (US) Regions now features enhanced visualizations, providing deeper insights into top traffic sources. If you have CloudWatch logging destinations, you can access a new top insights section within the all traffic dashboard, offering richer visibility. Link.
AWS Secrets Manager now supports AWS Secrets and Configuration Provider (ASCP) integration with Amazon EKS Pod Identity, simplifying IAM authentication for retrieving secrets and parameters. This enhancement enables more efficient and secure IAM permission management for Kubernetes applications, allowing granular access control using role session tags. Link. Well explained in THIS blog.
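As an added example (not from this page or the AWS blog it links), here is an IAM permission policy that uses the session tags EKS Pod Identity attaches to the role session, so that one role shared by several workloads only releases the Secrets Manager secrets and SSM parameters whose name prefix matches the calling pod's Kubernetes namespace. The account ID, region and the `<namespace>/<name>` naming convention are assumptions for the example; the tag keys `kubernetes-namespace` and `kubernetes-service-account` are the ones Pod Identity sets.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "ReadOnlySecretsOfOwnNamespace",
      "Effect": "Allow",
      "Action": [
        "secretsmanager:GetSecretValue",
        "secretsmanager:DescribeSecret"
      ],
      "Resource": "arn:aws:secretsmanager:us-east-1:111122223333:secret:${aws:PrincipalTag/kubernetes-namespace}/*",
      "Condition": {
        "StringEquals": {
          "aws:PrincipalTag/kubernetes-service-account": "app-sa"
        }
      }
    },
    {
      "Sid": "ReadOnlyParametersOfOwnNamespace",
      "Effect": "Allow",
      "Action": [
        "ssm:GetParameter",
        "ssm:GetParameters"
      ],
      "Resource": "arn:aws:ssm:us-east-1:111122223333:parameter/${aws:PrincipalTag/kubernetes-namespace}/*",
      "Condition": {
        "StringEquals": {
          "aws:PrincipalTag/kubernetes-service-account": "app-sa"
        }
      }
    }
  ]
}
```

The role's trust policy must also allow the `pods.eks.amazonaws.com` service principal both `sts:AssumeRole` and `sts:TagSession`, otherwise the session tags the policy variables rely on are never applied.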