(This is just the summary of Issue 43 of AWS Cloud Security weekly @ https://aws-cloudsec.com/p/issue-43 << Subscribe for FREE to receive the full version in your inbox weekly).
What happened in AWS CloudSecurity & CyberSecurity last week April 30-may 06, 2024?
AWS has launched a new EC2 API GetInstanceTPMEkPub that allows you to fetch the public endorsement key (EkPub) for the Nitro Trusted Platform Module (NitroTPM) in your Amazon EC2 instance.
Now, with Route 53 Resolver DNS Firewall, you can automatically skip inspecting domains that are part of a domain redirection chain, like Canonical Name (CNAME) and Delegation Name (DNAME), eliminating the need to explicitly add every domain in the chain to your Route 53 DNS Firewall allow-list. Previously, when you created allow-lists for domains, Route 53 DNS Firewall checked each DNS query from your VPC against the allow-list tied to a DNS Firewall rule. If a query pointed to a domain in a redirection chain (like a CNAME) that wasn’t included in your allow-list, the DNS Firewall would block the query, requiring you to manually add each domain in the chain to your allow-list. With this update, you can now set your DNS Firewall rules to automatically cover all domains within a redirection chain, like CNAME or DNAME, without the need to list each one individually.
Trending on the news & advisories (Subscribe to the newsletter for details):
CISA and FBI Release Secure by Design Alert to Urge Manufacturers to Eliminate Directory Traversal Vulnerabilities.
Read Satya Nadella’s Microsoft memo on putting security first.
Former NSA Employee Sentenced to Over 21 Years in Prison for Attempted Espionage.
Former Cybersecurity Consultant Arrested For $1.5 Million Extortion Scheme Against IT Company.
White House Press Release: National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs.
Dropbox filed SEC Form 8-K Filing and confirmed unauthorized access.
Change Healthcare hacked using stolen Citrix account with no MFA.
