This week TLDR i.e. 1 minute version (For executives):
AWS Security Hub now supports NIST SP 800-171 Revision 2.
CloudTrail Lake now supports event enrichment and expanded event size.
Announcing Red Hat Enterprise Linux for AWS.
Amazon S3 Express One Zone now supports granular access controls with S3 Access Points.
Trending in Cloud & Cyber Security:
AWS Security Blogs & Bulletins:
N/A this week.
General security blogs, articles, reports & trending news/advisories:
CloudTrail Logging Evasion: Where Policy Size Matters by Abian Morina. Link.
PumaBot: Novel Botnet Targeting IoT Surveillance Devices. Link.
Mark Your Calendar: APT41 Innovative Tactics. Link.
Safari Vulnerability Enables Attackers to Steal Credentials with Fullscreen BitM Attacks. Link.
Sublime Email Threat Research Report. Link.
CloudRec: open source multi-cloud security posture management (CSPM) platform. GitHub Link. (Important note: Ant Group is a company based in China).
This week Long i.e. 3-5 minutes version (For architects & engineers):
AWS Security Hub now supports NIST SP 800-171 Rev. 2, a U.S. cybersecurity framework for protecting sensitive information in non-federal systems. Link. Here is the option in my console:
AWS CloudTrail Lake now offers event enrichment for easier activity categorization and analysis, and expanded event size (up to 1 MB, from the 256 KB limit) for more detailed API action visibility. Link. For example, here’s my query for a specific principal tag:
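The two changes above (tag-based enrichment for categorization, and the 256 KB to 1 MB record limit) can be illustrated offline on exported CloudTrail records. The block below is an added example, not code from the original post or from AWS: it groups constructed CloudTrail events by a principal tag and flags records that would have exceeded the previous 256 KB limit. The standard fields follow the CloudTrail record format; the eventContext/tagContext/principalTags nesting used for the enrichment data is an assumption for this example, so map it to the actual enriched field names in your event data store.

```python
import json
from collections import defaultdict

# Record size limits from the announcement: old ceiling and new ceiling.
OLD_LIMIT_BYTES = 256 * 1024
NEW_LIMIT_BYTES = 1024 * 1024

# Constructed sample events. Account id, ARNs and tag values are made up.
# The "eventContext" enrichment nesting is an assumed layout for this example.
SAMPLE_EVENTS = [
    {"eventName": "PutObject", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/ingest"},
     "eventContext": {"tagContext": {"principalTags": {"team": "ingest", "env": "prod"}}}},
    {"eventName": "GetObject", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/analytics"},
     "eventContext": {"tagContext": {"principalTags": {"team": "analytics", "env": "prod"}}}},
    {"eventName": "DescribeInstances", "eventSource": "ec2.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/ops"}},
    # A large record: 300,000 bytes of request parameters, above the old 256 KB ceiling
    # but below the new 1 MB ceiling.
    {"eventName": "PutObject", "eventSource": "s3.amazonaws.com",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/ingest"},
     "requestParameters": {"payload": "x" * 300_000},
     "eventContext": {"tagContext": {"principalTags": {"team": "ingest", "env": "prod"}}}},
]


def principal_tag(event, key):
    """Return the value of one principal tag from the enrichment block, or None."""
    tags = (event.get("eventContext", {})
                 .get("tagContext", {})
                 .get("principalTags", {}))
    return tags.get(key)


def categorize_by_tag(events, key):
    """Group event names by a principal tag value; events without the tag go to 'untagged'."""
    buckets = defaultdict(list)
    for event in events:
        buckets[principal_tag(event, key) or "untagged"].append(event["eventName"])
    return dict(buckets)


def record_size(event):
    """Serialized size of the record in bytes, compact JSON encoding."""
    return len(json.dumps(event, separators=(",", ":")).encode("utf-8"))


def oversize_events(events, limit=OLD_LIMIT_BYTES):
    """Names of events whose serialized record exceeds the given limit."""
    return [e["eventName"] for e in events if record_size(e) > limit]


if __name__ == "__main__":
    print(categorize_by_tag(SAMPLE_EVENTS, "team"))
    print("Over old 256 KB limit:", oversize_events(SAMPLE_EVENTS))
    print("Over new 1 MB limit:", oversize_events(SAMPLE_EVENTS, NEW_LIMIT_BYTES))
```

In CloudTrail Lake itself the same grouping is a SQL GROUP BY over the enriched tag column; the Python above is only for reasoning about exported records and for checking which historical records would have been truncated under the old limit.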
Red Hat Enterprise Linux (RHEL) for AWS is now generally available, starting with RHEL 10. This offering combines Red Hat's enterprise Linux with native AWS integration. Key features include pre-tuned images, Amazon CloudWatch telemetry, integrated AWS CLI, container-native tooling, enhanced security, and optimized networking with ENA support. Link. For example, here are my options in the EC2 launch console:
Amazon S3 Express One Zone now supports granular access control via S3 Access Points, which allow refined access based on prefixes or API actions, enabling tailored policies for teams, applications, or individuals. Each access point offers a unique hostname, customizable permissions, and VPC restrictions, facilitating use cases like write-only data ingestion, read-only analytics, and restricted cross-account sharing. Link. For example, here’s my permission boundary using prefix:
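To make the prefix-scoped, action-scoped access point pattern concrete, the block below is an added example (not code from the original post or from AWS): it builds two access point policies, a write-only ingestion policy limited to one prefix and a read-only analytics policy limited to another, and includes a deliberately simplified evaluator (Allow statements only, exact action names, wildcard resource matching) to show which requests each policy admits. The account id, region, role ARNs and access point names are constructed; the resource ARN uses the standard S3 access point object ARN form, so adapt the ARN for a directory bucket access point when applying this to S3 Express One Zone.

```python
import json
from fnmatch import fnmatchcase

# Constructed identifiers for the example.
ACCOUNT = "111122223333"
REGION = "us-east-1"
INGEST_ROLE = f"arn:aws:iam::{ACCOUNT}:role/ingest"
ANALYTICS_ROLE = f"arn:aws:iam::{ACCOUNT}:role/analytics"


def access_point_arn(name, region=REGION, account=ACCOUNT):
    """Standard S3 access point ARN (assumed form for this example)."""
    return f"arn:aws:s3:{region}:{account}:accesspoint/{name}"


def prefix_policy(ap_name, principal_arn, actions, prefix):
    """Access point policy allowing only `actions` on objects under `prefix`."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "PrefixScoped",
            "Effect": "Allow",
            "Principal": {"AWS": principal_arn},
            "Action": list(actions),
            # Object-level resource under the access point, limited to the prefix.
            "Resource": f"{access_point_arn(ap_name)}/object/{prefix}*",
        }],
    }


def is_allowed(policy, principal_arn, action, key, ap_name):
    """Simplified evaluation: True if any Allow statement matches principal, action and key.

    Deliberately ignores Deny statements, conditions and action wildcards so the
    prefix/action scoping is the only thing being demonstrated.
    """
    resource = f"{access_point_arn(ap_name)}/object/{key}"
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        principals = stmt["Principal"]["AWS"]
        if isinstance(principals, str):
            principals = [principals]
        if principal_arn not in principals:
            continue
        if action not in stmt["Action"]:
            continue
        if fnmatchcase(resource, stmt["Resource"]):
            return True
    return False


# Write-only ingestion: the ingest role may only PutObject under ingest/.
WRITE_ONLY = prefix_policy("ingest-ap", INGEST_ROLE, ["s3:PutObject"], "ingest/")
# Read-only analytics: the analytics role may only GetObject under reports/.
READ_ONLY = prefix_policy("analytics-ap", ANALYTICS_ROLE, ["s3:GetObject"], "reports/")


if __name__ == "__main__":
    print(json.dumps(WRITE_ONLY, indent=2))
    checks = [
        (WRITE_ONLY, INGEST_ROLE, "s3:PutObject", "ingest/2025/batch.csv", "ingest-ap"),
        (WRITE_ONLY, INGEST_ROLE, "s3:GetObject", "ingest/2025/batch.csv", "ingest-ap"),
        (WRITE_ONLY, INGEST_ROLE, "s3:PutObject", "reports/summary.csv", "ingest-ap"),
        (READ_ONLY, ANALYTICS_ROLE, "s3:GetObject", "reports/summary.csv", "analytics-ap"),
    ]
    for args in checks:
        print(args[2], args[3], "->", is_allowed(*args))
```

The two policies show the split the announcement describes: each team gets its own access point hostname and a policy that admits only its own API actions on its own prefix, so a leaked ingestion credential cannot read data and an analytics credential cannot write.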