This week TLDR i.e. 1 minute version (For executives):
Amazon EC2 Allowed AMIs now integrates with AWS Config.
AWS WAF now supports URI fragment field matching.
Amazon Inspector expands ECR support for minimal container base images and enhanced detections.
Amazon GuardDuty Malware Protection for S3 now available in AWS GovCloud (US) Regions.
AWS Service Reference Information now supports resources and condition keys.
AWS Verified Access achieves FedRAMP High and Moderate authorization.
Trending in Cloud & Cyber Security:
AWS Security Blogs & Bulletins:
General security blogs, articles, reports & trending news/advisories:
GitLab critical security patch. Link.
Inside BRUTED: Black Basta (RaaS) Members Used Automated Brute Forcing Framework to Target Edge Network Devices by Arda Büyükkaya. Link.
Harden-Runner detection: tj-actions/changed-files action is compromised by Varun Sharma. Link.
Wiz to Join Google Cloud. Link.
NEW: Open Cloud Security Conference. Link.
This week Long i.e. 3-5 minutes version (For architects & engineers):
‘Allowed AMIs’, an AWS account-wide EC2 setting that restricts AMI usage, now integrates with AWS Config, which allows you to automatically track and detect instances launched with unapproved AMIs using a new AWS Config rule. Link. For example, this is my rule:

AWS WAF now supports URI fragment field matching, allowing you to inspect and match content within the URI fragment alongside the existing URI path support. This feature enhances security by enabling more precise rule creation based on the portion of the URL after the "#" symbol. For instance, if your login page includes a dynamic fragment like "foo://login.aspx#myFragment," you can create a rule that permits only requests containing the "myFragment" fragment while blocking others. This allows for targeted security measures, such as restricting access to sensitive areas, identifying unauthorized attempts, and improving bot detection by analyzing fragment patterns used by malicious actors. Link. For example, here’s my rule:
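To show what the Allowed AMIs Config integration above is checking, here is an added example (not the page's or AWS's code) that evaluates instances against an allow list of image providers, the way a custom Config rule would, and reports the result in put_evaluations shape. The instance and image records are constructed sample data; the allowed-provider set and account IDs are assumptions.

```python
# Constructed sample data (not real resources): running instances and the
# images they were launched from, trimmed to the fields the check needs.
SAMPLE_INSTANCES = [
    {"InstanceId": "i-0a1b2c3d4e5f60001", "ImageId": "ami-00000000000000001"},
    {"InstanceId": "i-0a1b2c3d4e5f60002", "ImageId": "ami-00000000000000002"},
    {"InstanceId": "i-0a1b2c3d4e5f60003", "ImageId": "ami-00000000000000003"},
    {"InstanceId": "i-0a1b2c3d4e5f60004", "ImageId": "ami-00000000000000004"},
]
SAMPLE_IMAGES = {
    "ami-00000000000000001": {"OwnerId": "137112412989", "ImageOwnerAlias": "amazon"},
    "ami-00000000000000002": {"OwnerId": "111122223333"},  # assumed golden-image account
    "ami-00000000000000003": {"OwnerId": "999988887777"},  # unknown third-party owner
    # ami-...0004 is deliberately absent: deregistered or no longer shared with us
}

# Assumed allow list: the "amazon" provider alias plus our own image-build account.
ALLOWED_PROVIDERS = {"amazon", "111122223333"}


def image_provider(image):
    """Identity Allowed AMIs compares: the owner alias when AWS sets one
    ("amazon", "aws-marketplace", ...), otherwise the owning account ID."""
    return image.get("ImageOwnerAlias") or image["OwnerId"]


def evaluate_instances(instances, images, allowed_providers):
    """Return one evaluation per instance in AWS Config put_evaluations shape."""
    evaluations = []
    for inst in instances:
        ami = inst["ImageId"]
        image = images.get(ami)
        if image is None:
            # Edge case: the AMI can no longer be described, so its provider
            # cannot be verified. Treat as non-compliant rather than unknown.
            compliance = "NON_COMPLIANT"
            note = f"{ami} not found (deregistered or unshared); provider unverifiable"
        elif image_provider(image) in allowed_providers:
            compliance = "COMPLIANT"
            note = f"{ami} from allowed provider {image_provider(image)}"
        else:
            compliance = "NON_COMPLIANT"
            note = f"{ami} owned by {image_provider(image)}, not in allow list"
        evaluations.append({"ComplianceResourceType": "AWS::EC2::Instance",
                            "ComplianceResourceId": inst["InstanceId"],
                            "ComplianceType": compliance, "Annotation": note})
    return evaluations


def non_compliant_ids(evaluations):
    """Instance IDs a responder would triage first."""
    return [e["ComplianceResourceId"] for e in evaluations if e["ComplianceType"] == "NON_COMPLIANT"]


if __name__ == "__main__":
    for ev in evaluate_instances(SAMPLE_INSTANCES, SAMPLE_IMAGES, ALLOWED_PROVIDERS):
        print(ev["ComplianceResourceId"], ev["ComplianceType"], "-", ev["Annotation"])
```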
Amazon Inspector now supports scanning for scratch, distroless (Debian/Ubuntu-based), and Chainguard images, expanding security coverage for minimal and security-focused container bases. Additionally, ECR scanning now includes ecosystems like Go toolchain, Oracle JDK & JRE, Apache Tomcat, WordPress, and more, helping you detect vulnerabilities in third-party software. These enhancements are also available via the Amazon Inspector SBOM Scan API. Link.
AWS announced the availability of Amazon GuardDuty Malware Protection for Amazon S3 in AWS GovCloud (US) regions. This expansion enables scanning of newly uploaded S3 objects for malware, viruses, and other threats, allowing you to detect and isolate suspicious files. Link. Here’s my Gov console:
AWS now includes resources and condition keys in service reference information, offering a more comprehensive view of service permissions. This enhancement simplifies policy management automation by allowing you to retrieve available actions across AWS services from machine-readable files. Link. For example, this is the reference for CloudTrail:
AWS Verified Access achieved FedRAMP High and Moderate authorization. Link.