Episode Summary
Last week in security news: Videos from fwd:cloudsec are now available on YouTube, AWS announces AWS Payment Cryptography, Amazon CodeGuru Security is now available in preview, and more!
Episode Show Notes & Transcript
Links:
- There was lots of great content presented at fwd:cloudsec. The day-long videos are up on YouTube. You can use the schedule to help find the talks you're interested in.
- In contrast to AWS's "Shared Responsibility Model", I appreciate GCP's "Shared Fate Model" where they put their own skin in the game in ensuring their customers are protected. In their New Cryptomining Protection Program, they offer $1M in what is basically an insurance policy that comes with Security Command Center Premium.
- Bob McMillan from the WSJ reports that North Korean hackers have stolen more than $3 billion in crypto over the last 5 years, and their heists are now funding fully half of its ballistic missile program.
- a16z writes Hiring a Chief Information Security Officer.
- Removing header remapping from Amazon API Gateway, and notes about our work with security researchers - AWS made a breaking change to respond to a security issue. The security researchers that found the issue wrote their side of the story, describing it as AWS API Gateway header smuggling and cache confusion.
- Issue with AWS Directory Service EnableRoleAccess - AWS released a security bulletin for this issue, which they seem to do at random for security issues. Ben Bridts from Cloudar found and reported this issue which AWS has fixed. He goes into more detail in his blog post and in a talk at fwd:cloudsec.
- Amazon CloudWatch Logs data protection account level policy configuration
- AWS WAF Fraud Control launches account creation fraud prevention and reduced pricing
- AWS announces AWS Payment Cryptography
- AWS Transfer Family announces quantum-safe key exchange for SFTP
- Amazon CodeGuru Security is now available in preview
- Amazon Inspector announces the general availability of Code Scans for AWS Lambda function
- AWS announces Software Bill of Materials export capability in Amazon Inspector
- Amazon EC2 Instance Connect supports SSH and RDP connectivity without public IP address
- Amazon GuardDuty enhances console experience with findings summary view
- Amazon Detective extends finding groups to Amazon Inspector
- Amazon S3 announces dual-layer server-side encryption for compliance workloads
- AWS CloudTrail Lake launches curated dashboards for visualizing top CloudTrail trends
- AWS IAM Identity Center now supports automated user provisioning from Google Workspace
