DEV Community

Cover image for Issue 42 of AWS Cloud Security Weekly
AJ for AWS Community Builders

Posted on • Originally published at

Issue 42 of AWS Cloud Security Weekly

(This is just the summary of Issue 42 of AWS Cloud Security weekly @ << Subscribe for FREE to receive the full version in your inbox weekly).

What happened in AWS CloudSecurity & CyberSecurity last week April 22-April 29, 2024?

  • Amazon Inspector now provides continuous monitoring of EC2 instances for software vulnerabilities without the need for installing an agent or additional software. The existing method uses the AWS Systems Manager (SSM) agent to check for vulnerabilities in third-party software. With this update, Inspector introduces two scanning modes for EC2 assessments: hybrid scan mode and agent-based scan mode. In hybrid scan mode, Inspector utilizes SSM agents to gather data from instances for vulnerability assessments. If an instance doesn't have an SSM agent installed or configured, Inspector automatically switches to agentless scanning. In agentless scanning, Inspector creates snapshots of EBS volumes to gather software inventory from the instances to assess vulnerabilities.
  • With AWS CloudFormation StackSets, you can now set up and manage Amazon Data Lifecycle Manager default policies for the entire organization or specific organizational units (OUs). These default policies complement existing backup strategies by ensuring that EBS-backed AMIs and EBS Snapshots are only created for instances and volumes lacking recent backups. This approach helps administrators ensure that all member accounts have thorough backup coverage while avoiding duplicate backups, thereby reducing both management effort and costs.
  • AWS AppFabric now supports SentinelOne Singularity Cloud as both a data source and a compatible security destination, allowing IT administrators and security analysts to use AppFabric to connect with 27 supported SaaS applications, consolidate enriched and standardized SaaS audit logs, and monitor end-user access across their SaaS apps.
  • AWS CodeBuild now supports managed GitHub Actions self-hosted runners, enabling you to configure CodeBuild projects to receive GitHub Actions workflow job events and execute them on CodeBuild's temporary hosts. With this feature, GitHub Actions can integrate seamlessly with AWS, providing enhanced security and convenience through services like IAM, AWS Secrets Manager, AWS CloudTrail, and Amazon VPC. Customers can leverage all the compute platforms offered by CodeBuild, including Lambda, GPU-enabled, and Arm-based instances.

Trending on the news & advisories (Subscribe to the newsletter for details):

  • UnitedHealth Group Updates on Change Healthcare Cyberattack- it paid the attackers.
  • ArcaneDoor - New espionage-focused campaign found targeting perimeter network devices.
  • WordPress Automatic Plugin <= 3.92.0 is vulnerable to SQL Injection.
  • IBM to Buy HashiCorp in $6.4 Billion Deal.
  • How an empty S3 bucket can make your AWS bill explode by Maciej Pocwierz.
  • The State of AWS's Block Public Access: Is It Secure By Default? by Jason Ko.
  • An overview of CloudTrail events that are interesting from an Incident Response perspective.
  • Amazon Science- 98 Amazon Research Awards recipients announced.
  • Okta- How to Block Residential Proxies using Okta.

Top comments (0)