Issue 62 of AWS Cloud Security Weekly

(This is just the highlight of Issue 62 of AWS Cloud Security weekly @ https://aws-cloudsec.com/p/issue-62 << Subscribe to receive the full version in your inbox weekly for free!!)

What happened in AWS CloudSecurity & CyberSecurity last week September 11- September 17, 2024?

• Amazon Elastic Container Registry (ECR) now offers dual-layer server-side encryption in the AWS GovCloud (US) Regions, allowing two separate layers of server-side encryption to your images. With dual-layer server-side encryption using keys managed by AWS Key Management Service (DSSE-KMS), you can meet stricter compliance and regulatory standards by applying multiple encryption layers.
• AWS Backup has introduced a new AWS Backup Audit Manager control (framework) that lets you audit and verify if a resource's backup data is stored in a logically air-gapped vault, within a defined time frame and assess whether it aligns with your business or compliance requirements.
• AWS Private Certificate Authority (AWS Private CA) has now made the Connector for SCEP generally available which allows you to securely and efficiently enroll mobile devices at scale using a managed cloud certificate authority (CA). The Connector for SCEP is one of three connectors designed to integrate AWS Private CA with Kubernetes, Active Directory, and now mobile devices. These connectors enable you to replace existing CAs with AWS Private CA in environments with established native certificate distribution solutions. This consolidation allows you to streamline your enterprise's CA management by using a single private CA solution.
• AWS IAM Identity Center now supports language and visual mode preferences in the AWS access portal.
• AWS Network Firewall now supports AWS PrivateLink meaning you can privately access the service without routing traffic through the public internet i.e. all management and control traffic between clients and Network Firewall is transmitted over a private network.
• Amazon Cognito has enhanced its multi-factor authentication (MFA) capabilities by adding email as an additional authentication factor, alongside the existing options of text messages (SMS) and time-based one-time passwords (TOTP). Email MFA can be enabled during the sign-in process or used as a challenge for adaptive authentication.
• AWS WAF has launched an updated Bot Control Managed Rule Group with enhanced features to improve protection against bot activity. New capabilities include token reuse detection across ASNs and locations, customizable sensitivity levels, expanded bot categories with 19 new bots, and new Cloud Service Provider and automated browser extension labels. Additionally, improved CloudWatch visibility now provides detailed insights into matched rules.