AJ for AWS Community Builders

Posted on • Originally published at aws-cloudsec.com

Issue 35 of AWS Cloud Security Weekly

(Summary of Issue 35 of AWS Cloud Security weekly @ https://aws-cloudsec.com/p/issue-35)

What happened in AWS CloudSecurity & CyberSecurity last week March 04-10, 2024?

  • Amazon Neptune has obtained authorization for Department of Defense Cloud Computing Security Requirements Guide Impact Levels 4 and 5 (DoD SRG IL4 and IL5) within the AWS GovCloud (US-East and US-West) Regions.
  • AWS WAF now allows the examination of up to 64KB of the body content in incoming HTTP/S requests for Amazon API Gateway, Cognito user pools, App Runner, and AWS Verified Access regional resources. The default inspection size has been adjusted from 8KB to 16KB. (Please note: support for increased body limits for Application Load Balancers and AppSync is currently not available, and you will be charged extra for each additional 16KB analyzed beyond the default body inspection limit.) Here’s my WAF ACL rule sample for AWS Cognito (default body size limit) setting: [image: WAF ACL rule sample]
  • Amazon Simple Email Service (SES) has introduced a new capability that allows you to define custom headers when using the SES v2 sending APIs for email transmission. The ability to set headers can be used, for example, to add one-click unsubscribe functionality by appending List-Unsubscribe headers to your emails. Check THIS blog out for details. (Note: the change was in response to Gmail and Yahoo Mail announcing a new set of requirements for senders, effective from February 2024.) For example, I set the Unsubscribe option header for emails I send using the python script below and could observe the “Unsubscribe” one-click option: [image: python script] [image: Unsubscribe option in mail client]
  • Wickr on AWS has secured FedRAMP High authorization within the AWS GovCloud (US-West) Region. Now, you have the capability to employ Wickr to safeguard communications that fall under the FedRAMP High requirements.
  • AWS X-Ray has introduced support for logging eight new data event APIs and one additional management event API in AWS CloudTrail. You can now capture all AWS X-Ray API activity through CloudTrail, including data events such as PutTraceSegments and GetTraceSummaries, as well as management events such as GetSamplingStatisticSummaries.
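As an added example (not the newsletter author's script), here is how the SES v2 custom-header capability described above can carry RFC 8058 one-click unsubscribe headers. It assumes the boto3 `sesv2` client's `send_email` accepts `Content.Simple.Headers` as a list of `{"Name", "Value"}` pairs, and that the unsubscribe URL is a constructed, recipient-specific placeholder; sending is kept in a separate function because it needs AWS credentials.

```python
import json
from typing import Optional
from urllib.parse import urlparse


def unsubscribe_headers(https_url: str, mailto: Optional[str] = None) -> list:
    """Build the two headers Gmail/Yahoo expect for one-click unsubscribe.

    RFC 8058: List-Unsubscribe carries an https:// URI (a mailto: may sit
    beside it) and List-Unsubscribe-Post carries the literal
    'List-Unsubscribe=One-Click'. The URL should be unique per recipient
    so the POST cannot be replayed to unsubscribe someone else.
    """
    if urlparse(https_url).scheme != "https":
        raise ValueError("one-click unsubscribe requires an https:// URL")
    uris = [f"<{https_url}>"]
    if mailto:
        uris.append(f"<mailto:{mailto}>")
    return [
        {"Name": "List-Unsubscribe", "Value": ", ".join(uris)},
        {"Name": "List-Unsubscribe-Post", "Value": "List-Unsubscribe=One-Click"},
    ]


def build_request(sender: str, recipient: str, subject: str, text: str,
                  unsubscribe_url: str, mailto: Optional[str] = None) -> dict:
    """Assemble keyword arguments for sesv2.send_email() (Simple content)."""
    return {
        "FromEmailAddress": sender,
        "Destination": {"ToAddresses": [recipient]},
        "Content": {
            "Simple": {
                "Subject": {"Data": subject, "Charset": "UTF-8"},
                "Body": {"Text": {"Data": text, "Charset": "UTF-8"}},
                "Headers": unsubscribe_headers(unsubscribe_url, mailto),
            }
        },
    }


def send(request: dict, region: str = "us-east-1") -> dict:
    """Send through SES v2; needs boto3 and credentials, so not run by default."""
    import boto3  # imported here so the builder works offline
    return boto3.client("sesv2", region_name=region).send_email(**request)


if __name__ == "__main__":
    # Constructed sample values; the token would come from your own store.
    req = build_request("news@example.com", "reader@example.org", "Weekly issue",
                        "Hello", "https://example.com/unsub?token=PLACEHOLDER",
                        mailto="unsub@example.com")
    print(json.dumps(req, indent=2))
```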

Trending on the news & advisories:

  • Microsoft released an update on the attack by nation-state actor Midnight Blizzard via an 8-K/A (an amendment to its previous 8-K).
  • CISA and NSA Release Cybersecurity Information Sheets on Cloud Security Best Practices.
  • NSA released Advancing Zero Trust Maturity Throughout the Network and Environment Pillar.
  • Ex-Google engineer charged with stealing AI trade secrets while working with Chinese companies.
  • CrowdStrike to acquire Flow Security to expand its Data Security Posture Management (DSPM) offering.
