AWS to Mandate Multi-Factor Authentication from 2024
Move is designed to mitigate risk of account takeover
Amazon Web Services (AWS) is a cloud platform whose configurations, vulnerabilities, and security advisories can affect hosted data and systems.
Search across headline titles and summaries.
Background for this topic.
Amazon Web Services (AWS) is a cloud platform offering on-demand computing, storage, databases, networking, and managed services. Organizations use it to run applications and process data without operating the underlying physical infrastructure. Security reporting under this tag may concern AWS service flaws, its infrastructure, or weaknesses in customer-configured environments.
AWS follows a shared-responsibility model: AWS secures the cloud infrastructure, while customers must secure identities, data, configurations, and workloads. Material risks include overly broad IAM permissions or stolen credentials, publicly exposed storage or network services, and unpatched virtual machines, containers, or application interfaces. Effective defenses include least-privilege access, encryption, configuration review, timely patching, and centralized audit logging through services such as CloudTrail. Those logs and related telemetry support detection and investigation, while predefined procedures can revoke credentials, isolate workloads, and preserve evidence when an account or resource is compromised.
Move is designed to mitigate risk of account takeover
GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon Web Services (AWS), Microsoft, Google, and Slack
Amazon will require all privileged AWS (Amazon Web Services) accounts to use multi-factor authentication (MFA) for stronger protection against account hijacks leading to data breaches, starting in mid-2024. [...]
Amazon will add new MFA requirements for users with the highest privileges, with plans to include other user levels over time.
CISOs responsible for tackling cloud security challenges need to rethink traditional security practices, protect apps and infrastructure they don’t control, and justify enterprise security investments. Trend Micro’s Bryan Webster told the AWS SecurityLIVE! audience it can all be done—by embracing ‘cloud values’ and leveraging the existing skills of cloud development teams.
Security exec Mark Ryland spills the tea on hush-hush threat intel tool Interview AWS has unveiled MadPot, its previously secret threat-intelligence tool that one of the cloud giant's security execs tells us has thwarted Chinese and Russian spies – and millions of bots.…