(This is just the highlight of Issue 60 of AWS Cloud Security weekly at https://aws-cloudsec.com/p/issue-60. Subscribe to receive the full version in your inbox weekly for free.)
What happened in AWS CloudSecurity & CyberSecurity last week, August 27 - September 03, 2024?
- Per AWS release news, AppConfig resources, including Configuration Profiles and Environments, now support deletion protection, meaning resources that have been recently used cannot be deleted without explicitly bypassing this protection through the AWS Management Console, CLI, or API. Additionally, customers can define the duration that qualifies as “recently-used” to align with their organization's processes.
- AWS Network Firewall now offers GeoIP Filtering for both incoming and outgoing VPC traffic, allowing you to block traffic from or to certain countries. Previously, blocking involved manually managing a list of IP addresses for specific countries and frequently updating firewall rules. With GeoIP Filtering, you can now filter traffic by the country name.
- AWS WAF now allows you to set lower rate limit thresholds for rate-based rules, with a minimum rate limit of just 10 requests per evaluation window, down from the previous minimum of 100 requests. Rate-based rules in AWS WAF enable you to monitor incoming requests and control traffic that surpasses a specified rate. This could be handy in detecting and addressing traffic spikes affecting sensitive applications and APIs, facilitating faster responses to sudden increases in usage or malicious activity.
- AWS Security Hub has introduced 8 new security controls, bringing the total number of available controls to 423. Examples of the additional AWS services include Amazon WorkSpaces and AWS DataSync, and there are new controls for previously supported services such as AWS CodeBuild and Amazon Athena.
Trending in the news & advisories (Subscribe to the newsletter for details):
- YubiKey. Security Advisory YSA-2024-03 Infineon ECDSA Private Key Recovery.
- Google Chrome VRP Reward Updates to Incentivize Deeper Research.
- North Korean threat actor Citrine Sleet exploiting Chromium zero-day.
- Threat Actors Target the Middle East Using Fake Palo Alto GlobalProtect Tool by Mohamed Fahmy.
- Spoofed GlobalProtect Used to Deliver Unique WikiLoader Variant by Mark Lim, Tom Marsden.
- Dick’s Sporting Goods breach.