This week's TLDR, i.e. the 1-minute version (for executives):
AWS WAF enhances Data Protection and logging experience.
AWS Network Firewall introduces automated domain lists and insights.
Announcing fine-grained access control via AWS Lake Formation with EMR on EKS.
Certificate-Based Authentication is now available on Amazon AppStream 2.0 multi-session fleets.
Amazon Verified Permissions now supports the Cedar JSON entity format.
Trending in Cloud & Cyber Security:
AWS Security Blogs & Bulletins:
General security blogs, articles, reports & trending news/advisories:
State of cloud remediation by Idan Perez, Michael St.Onge and Joseph Barringhaus. Link.
Locked Out, Dropboxed In: When BEC threats innovate. Link.
Removing Jeff Bezos From My Bed by Dylan Ayrey and Jake King. Link.
Abusing AWS Serverless Image Handler by Karim El-Melhaoui. Link.
Secure RDS authentication using SSO and ephemeral login token. Link.
Seeing what your Resource Control Policies (RCPs) are going to break by Michael Kirchner. Link.
Processing 23 Billion Rows of ALIEN TXTBASE Stealer Logs by Troy Hunt. Link.
An inside look at NSA (Equation Group) TTPs from China's lens. Link.
Signals of Trouble: Multiple Russia-Aligned Threat Actors Actively Targeting Signal Messenger. Link.
FortiSandbox 5.0 Detects Evolving Snake Keylogger Variant by Kevin Su. Link.
Meet NailaoLocker: a ransomware distributed in Europe by ShadowPad and PlugX backdoors by Marine Pichon and Alexis Bonnefoi. Link.
DMARC for PCI DSS 4.0 mandatory from 2025 by Ahona Rudra. Link.
Deceptive Development targets freelance developers by Matěj Harvánek. Link.
Weathering the storm: In the midst of a Typhoon by Cisco Talos. Link.
Apple pulls iCloud end-to-end encryption feature in the UK. Link.
Google announced quantum-safe digital signatures in Cloud KMS. Link.
North Korean unauthorized activity involving an ETH cold wallet: the $1.5 billion Bybit crypto heist. Link.
This week's long version, i.e. the 3-5 minute read (for architects & engineers):
AWS WAF enhanced its Data Protection features with new controls for sensitive data in logs, which allow you to implement customized safeguards for sensitive information, such as passwords, API keys, authentication tokens, and other confidential data, across specific fields like headers, parameters, and body content. You can configure data protection at the web ACL level to apply across all output destinations, or limit it to logging, affecting only the data AWS WAF sends to the designated logging destination. Protection can be enforced through substitution, which replaces the content with "REDACTED", or through hashing for enhanced security. Link. Here's my sample data protection rule set on the web ACL's "Logging and metrics" page.

AWS Network Firewall now supports automated domain lists and insights, improving network traffic visibility and streamlining firewall rule configuration. This feature analyzes HTTP and HTTPS traffic logs from the past 30 days, identifying frequently accessed domains. With these insights, you can quickly create rules based on observed network traffic patterns. Link. Here is the setting for my network firewall.
AWS announced the general availability of fine-grained data access control (FGAC) in AWS Lake Formation for Apache Spark on Amazon EMR on EKS which allows enforcing comprehensive FGAC policies—including database, table, column, row, and cell-level controls—on data lake tables from EMR on EKS Spark jobs. Link.
Amazon AppStream 2.0 introduced certificate-based authentication (CBA) support for multi-session fleets running Microsoft Windows and joined to an Active Directory. This feature enables administrators to maximize the cost benefits of the multi-session model while improving user access and security. Link.
Amazon Verified Permissions now supports the same JSON format for entity and context data as the Cedar SDK, making authorization requests easier for developers. This update brings the Amazon Verified Permissions API in closer alignment with the open-source Cedar SDK. As a result, transitioning between the SDK and Amazon Verified Permissions is now more seamless. Link. Find JSON entity HERE.
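As an added example of the Cedar JSON entity format the announcement refers to (my own illustration, not code from Amazon Verified Permissions or the Cedar SDK), the block below builds a small entity list in that format, validates its shape, and walks the parent hierarchy the way Cedar's `in` operator does. The entity type names (`PhotoApp::*`), the sample users and groups, and the strictness of treating a missing parent as an error are all assumptions for this demo; the `uid`/`attrs`/`parents` keys and the `__entity` wrapper for entity-valued attributes are the format itself.

```python
import json
from collections import deque


def entity_uid(entity_type: str, entity_id: str) -> dict:
    """Cedar JSON entity identifier: {"type": ..., "id": ...}."""
    return {"type": entity_type, "id": entity_id}


def entity(entity_type: str, entity_id: str, attrs=None, parents=()) -> dict:
    """One entry in the Cedar JSON entity list: uid, attrs, parents."""
    return {
        "uid": entity_uid(entity_type, entity_id),
        "attrs": dict(attrs or {}),
        "parents": [entity_uid(t, i) for t, i in parents],
    }


def entity_ref(entity_type: str, entity_id: str) -> dict:
    """An attribute value that refers to another entity uses the __entity wrapper."""
    return {"__entity": entity_uid(entity_type, entity_id)}


# Constructed sample: a user in a group that is itself in a larger group, and a
# photo whose owner attribute points back at the user. Names are illustrative.
ENTITIES = [
    entity("PhotoApp::User", "alice",
           attrs={"department": "engineering"},
           parents=[("PhotoApp::UserGroup", "admins")]),
    entity("PhotoApp::UserGroup", "admins",
           parents=[("PhotoApp::UserGroup", "staff")]),
    entity("PhotoApp::UserGroup", "staff"),
    entity("PhotoApp::Photo", "vacation.jpg",
           attrs={"owner": entity_ref("PhotoApp::User", "alice"), "private": True}),
]


def validate_entities(entities: list) -> list:
    """Return a list of problems: malformed entries, duplicate uids, or parents
    missing from the list (an assumed strictness for this demo). Empty means clean."""
    problems, seen, well_formed = [], set(), []
    for i, ent in enumerate(entities):
        if not isinstance(ent, dict) or set(ent) != {"uid", "attrs", "parents"}:
            problems.append(f"entry {i}: keys must be exactly uid/attrs/parents")
            continue
        key = (ent["uid"]["type"], ent["uid"]["id"])
        if key in seen:
            problems.append(f"entry {i}: duplicate uid {key}")
        seen.add(key)
        well_formed.append(ent)
    for ent in well_formed:
        for p in ent["parents"]:
            if (p["type"], p["id"]) not in seen:
                problems.append(f"{ent['uid']['type']}::\"{ent['uid']['id']}\" has unknown parent {p}")
    return problems


def ancestors(entities: list, entity_type: str, entity_id: str) -> set:
    """Transitive parents of an entity (breadth-first; safe on cycles)."""
    index = {(e["uid"]["type"], e["uid"]["id"]): e for e in entities}
    result, queue = set(), deque([(entity_type, entity_id)])
    while queue:
        key = queue.popleft()
        for p in index.get(key, {}).get("parents", []):
            pkey = (p["type"], p["id"])
            if pkey not in result:
                result.add(pkey)
                queue.append(pkey)
    return result


def is_in(entities: list, child_type: str, child_id: str,
          ancestor_type: str, ancestor_id: str) -> bool:
    """Cedar's `in`: an entity is in itself and in every transitive parent."""
    child, ancestor = (child_type, child_id), (ancestor_type, ancestor_id)
    return child == ancestor or ancestor in ancestors(entities, child_type, child_id)


def to_cedar_json(entities: list) -> str:
    """Serialize the list as the JSON string sent alongside an authorization request."""
    return json.dumps(entities)


if __name__ == "__main__":
    print(validate_entities(ENTITIES))
    print(is_in(ENTITIES, "PhotoApp::User", "alice", "PhotoApp::UserGroup", "staff"))
    print(to_cedar_json(ENTITIES))
```

The validator is worth keeping around when the entity list is assembled at request time from application data: a parent that is misspelled or never included silently makes `principal in Group` evaluate false, which shows up as an unexpected deny rather than an error.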