Issue 39 of AWS Cloud Security Weekly

(This is just the summary of Issue 39 of AWS Cloud Security weekly @ https://aws-cloudsec.com/p/issue-39 << Subscribe to receive the full version in your inbox weekly).

What happened in AWS CloudSecurity & CyberSecurity last week April 2-April 8, 2024?

• AWS Lambda has introduced support for building serverless applications using Ruby 3.3 (can use as both managed runtime and a container base image). The Lambda Ruby 3.3 runtime is constructed upon the latest Amazon Linux 2023 runtime, which relies on the AL2023 minimal container image. Additionally, it includes updated versions of common libraries like glibc and introduces a new package manager.
• Amazon CloudWatch: Cross-account observability is now enabled and now supports cross-account anomaly detection. Note: To try this, I had to first set cross-account functionality in CloudWatch & set the monitoring account (make sure to copy ARN of the “sink”) & source account.One thing I observed is that the cross-account will have ViewOnly access if you choose “FullAccess” option for the cross-account role. The sink ARN looks something like this: arn:aws:oam:us-east-1:915614547777:sink/77084777-db32-44a3-bf1c-08405aebe
• Amazon AppStream 2.0 has introduced support for initiating the client application for Windows from an Identity Provider (IdP)-initiated SAML 2.0 sign-in flow. End-users can now authenticate to SAML 2.0 IdPs via their system's default web browser before transitioning into the streaming session within the Windows client. This functionality eliminates the need for users to undergo re-authentication as long as their SAML 2.0 session in the browser remains valid, significantly streamlining their overall experience. Moreover, leveraging the browser for authentication enables the enforcement of additional access policies, such as conditional access provided by IdPs, before users commence streaming in the client application.

Trending on the news & advisories:

• OWASP foundation had a data breach.
• Google to Delete Billions of Browsing Records in 'Incognito Mode' Privacy Lawsuit Settlement.
• HTTP/2 CONTINUATION frames can be utilized for DoS attacks.
• City of hope data security incident.
• Home Depot confirms worker data leak after miscreant dumps info online.
• UK CVS Group. Notice of cyber incident.
• Android- Find My Device network with user security and privacy in mind.