(This is just the summary of Issue 45 of AWS Cloud Security weekly @ https://aws-cloudsec.com/p/issue-45 << Subscribe to receive the full version in your inbox weekly).
What happened in AWS CloudSecurity & CyberSecurity last week May 13-May 22, 2024?
- Amazon QuickSight now allows connectivity to Redshift data sources using an IAM role through GetClusterCredentialswithIAM. This enhancement builds on the previously introduced Redshift RunasRole feature by making the Database user/Database Group parameters optional, effectively linking the temporary user identity directly to the IAM credentials.
- Amazon Detective adds support for EKS audit logs in Security Lake integration.
- AWS Security Hub now supports version 3.0 of the Center for Internet Security (CIS) AWS Foundations Benchmark which includes 37 security controls, with 7 new controls that are unique to version 3.0. Security Hub has met the criteria for the CIS Security Software Certification and has been certified for levels 1 and 2 of the CIS AWS Foundations Benchmark version 3.0.
Trending on the news & advisories (Subscribe to the newsletter for details):
- Amazon has a new CEO.
- Oracle goes vegan: Dumps Terraform for OpenTofu.
- Microsoft will require MFA for all Azure users.
- SEC: Financial orgs have 30 days to send data breach notifications.
- FedRAMP board launched to support safe, secure use of cloud services in government.
- Prison for cybersecurity expert selling private videos from inside 400,000 homes.
- Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets.
- CISA and ONCD Award the Winners of the Fifth Annual President’s Cup Cybersecurity Competition.
- Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323).
- Amazon S3 will no longer charge for several HTTP error codes.
- Microsoft will require MFA for all Azure users.
Top comments (0)