Issue 40 of AWS Cloud Security Weekly

(This is just the summary of Issue 40 of AWS Cloud Security weekly @ https://aws-cloudsec.com/p/issue-40 << Subscribe to receive the full version in your inbox weekly).

What happened in AWS CloudSecurity & CyberSecurity last week April 8-April 15, 2024?

• Amazon Route 53 now provides domain name registration services for 18 additional Top-Level Domains (TLDs), with extensions such as .beer, .bid, .bio, .christmas, .contact, .design, .fan, .fun, .law, .llc, .ltd, .pw, .shopping, .ski, .software, .stream, .vote, and .work
• Amazon EMR on EKS now supports user authentication and authorization process integration with Amazon EKS's upgraded cluster access management features. With this update, Amazon EMR on EKS leverages EKS access management controls to effortlessly acquire the required permissions for executing Amazon EMR applications on the EKS cluster. Previously, Amazon EMR on EKS provided support for IAM authentication and authorization to EKS clusters. Customers were required to set up aws-auth and RBAC (Role-Based Access Control) configurations to allow EMR on EKS access to the EKS cluster. Now, by assigning access permissions for the EKS cluster to the IAM role of EMR, EMR on EKS gains automatic access to the EKS cluster without the need for manual RBAC or aws-auth configuration.
• Customers utilizing AWS IAM Identity Center (idC) can now benefit from an optimized AWS access portal and efficient shortcut links, allowing them to swiftly navigate to specific destinations within the AWS Management Console based on their permissions.
• You now have the option to safeguard AWS Lambda URL origins by employing CloudFront Origin Access Control (OAC), which permits access exclusively from specified CloudFront distributions. This approach provides AWS default DDoS protection via AWS Shield Standard but also enables the application of AWS Web Application Firewall (WAF) rules, safeguarding Lambda applications against malicious bots and common web exploits.
• Amazon Detective has introduced a new functionality aimed at aiding the investigation of threats identified by Amazon GuardDuty's EC2 Runtime Monitoring feature. This expansion enhances Detective's capacity to offer visual representations and contextual information for examining runtime threats directed at EC2 instances.
• AWS Key Management Service (AWS KMS) has introduced enhanced flexibility, visibility, and pricing options for automated key rotation. The rotation frequency now ranges from every 90 days to up to 7 years (2560 days), and there is an option to trigger key rotation on demand for customer-managed KMS keys. Additionally, you can access history of all previous rotations for any KMS key that has undergone rotation.
• AWS Transfer Family now offers the capability to import and utilize a trading partner's public, self-signed TLS certificate for transmitting Applicability Statement 2 (AS2) messages to their server via HTTPS. Furthermore, you now have the option to encrypt messages sent to your partner's server using the 3DES cipher. By default, AS2 connectors will encrypt messages using the AES128 cipher unless you specifically opt for 3DES to maintain compatibility with your partner's current AS2 implementation. These functionalities complement the existing AS2 interoperability features of AWS Transfer Family, facilitating seamless connections with trading partners necessitating these particular security configurations.

Trending on the news & advisories:

• LG WebOS vulnerabilities let us gain root access on the TV after bypassing the authorization mechanism.
• CISA Announces Malware Next-Gen Analysis.
• AT&T data breach impacts 51 million customers.
• Google workspace- Protect sensitive admin actions with multi-party approvals.
• Apple- About Apple threat notifications and protecting against mercenary spyware.
• Compromise of Sisense Customer Data.
• CISA Directs Federal Agencies to Immediately Mitigate Significant Risk From Russian State-Sponsored Cyber Threat.
• Software Supply Chain Security Deep-Dive (Part 1) by Francis (software analyst) and Nipun Gupta.
• LastPass- Attempted Audio Deepfake Call Targets LastPass Employee.
• CISA. Lessons from XZ Utils: Achieving a More Sustainable Open Source Ecosystem by Jack Cable.
• PaloAlto. PAN-OS: OS Command Injection Vulnerability in GlobalProtect.
• Roku- Unauthorized actors accessed about 15,000 Roku user accounts using login credentials.
• Former Amazon Security Engineer Sentenced To Three Years In Prison For Hacking Two Decentralized Cryptocurrency Exchanges.
• FBI PSA- Smishing Scam Regarding Debt for Road Toll Services.