DEV Community

Cover image for Issue 45 of AWS Cloud Security Weekly
AJ for AWS Community Builders

Posted on • Originally published at aws-cloudsec.com

Issue 45 of AWS Cloud Security Weekly

(This is just the summary of Issue 45 of AWS Cloud Security weekly @ https://aws-cloudsec.com/p/issue-45 << Subscribe to receive the full version in your inbox weekly).

What happened in AWS CloudSecurity & CyberSecurity last week May 13-May 22, 2024?

  • Amazon QuickSight now allows connectivity to Redshift data sources using an IAM role through GetClusterCredentialswithIAM. This enhancement builds on the previously introduced Redshift RunasRole feature by making the Database user/Database Group parameters optional, effectively linking the temporary user identity directly to the IAM credentials.
  • Amazon Detective adds support for EKS audit logs in Security Lake integration.
  • AWS Security Hub now supports version 3.0 of the Center for Internet Security (CIS) AWS Foundations Benchmark which includes 37 security controls, with 7 new controls that are unique to version 3.0. Security Hub has met the criteria for the CIS Security Software Certification and has been certified for levels 1 and 2 of the CIS AWS Foundations Benchmark version 3.0.

Trending on the news & advisories (Subscribe to the newsletter for details):

  • Amazon has a new CEO.
  • Oracle goes vegan: Dumps Terraform for OpenTofu.
  • Microsoft will require MFA for all Azure users.
  • SEC: Financial orgs have 30 days to send data breach notifications.
  • FedRAMP board launched to support safe, secure use of cloud services in government.
  • Prison for cybersecurity expert selling private videos from inside 400,000 homes.
  • Employee Personal GitHub Repos Expose Internal Azure and Red Hat Secrets.
  • CISA and ONCD Award the Winners of the Fifth Annual President’s Cup Cybersecurity Competition.
  • Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323).
  • Amazon S3 will no longer charge for several HTTP error codes.
  • Microsoft will require MFA for all Azure users.

Top comments (0)