Issue 43 of AWS Cloud Security Weekly

AJ - May 6 - - Dev Community

(This is just the summary of Issue 43 of AWS Cloud Security weekly @ https://aws-cloudsec.com/p/issue-43 << Subscribe for FREE to receive the full version in your inbox weekly).

What happened in AWS CloudSecurity & CyberSecurity last week April 30-may 06, 2024?

  • AWS has launched a new EC2 API GetInstanceTPMEkPub that allows you to fetch the public endorsement key (EkPub) for the Nitro Trusted Platform Module (NitroTPM) in your Amazon EC2 instance.

  • Now, with Route 53 Resolver DNS Firewall, you can automatically skip inspecting domains that are part of a domain redirection chain, like Canonical Name (CNAME) and Delegation Name (DNAME), eliminating the need to explicitly add every domain in the chain to your Route 53 DNS Firewall allow-list. Previously, when you created allow-lists for domains, Route 53 DNS Firewall checked each DNS query from your VPC against the allow-list tied to a DNS Firewall rule. If a query pointed to a domain in a redirection chain (like a CNAME) that wasn't included in your allow-list, the DNS Firewall would block the query, requiring you to manually add each domain in the chain to your allow-list. With this update, you can now set your DNS Firewall rules to automatically cover all domains within a redirection chain, like CNAME or DNAME, without the need to list each one individually.

Trending on the news & advisories (Subscribe to the newsletter for details):

  • CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities.
  • Read Satya Nadella’s Microsoft memo on putting security first.
  • Former NSA Employee Sentenced to Over 21 Years in Prison for Attempted Espionage.
  • Former Cybersecurity Consultant Arrested For $1.5 Million Extortion Scheme Against IT Company.
  • White House Press Release: National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs.
  • Dropbox filed SEC Form 8-K Filing and confirmed unauthorized access.
  • Change Healthcare hacked using stolen Citrix account with no MFA.
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .