SRE Weekly Issue #354 • [tl;dr sec] #163 - Rebuilding Detection and IR at LinkedIn, CVEs and Misaligned Incentives • AWS Audit Manager - 2 updated methods • AmplifyBackend - 1 updated methods • AWS App Runner - 6 updated methods • Amazon Connect Service - 2 updated methods • How to query and visualize Macie sensitive data discovery results with Athena and QuickSight • Updated whitepaper available: AWS Security Incident Response Guide • ec2: 29 updated actions, 7 updated conditions • iotroborunner: 29 removed actions, 5 removed resources, 5 removed conditions • autoscaling: 1 updated action • Amazon S3 Encrypts New Objects By Default | Amazon Web Services • I scanned every package on PyPi and found 57 live AWS keys • Why Not Mars • Update detected · z0ph/MAMIP@067b455 • *screaming in cloud security* <a href="https://t.co/rjPV81wYxT" target="_blank">tomforb.es/i-scanned-ever…</a> • S3 at rest encryption by default and soon it'll be non-trivial to make an S3 bucket public because Public Block access will be applied by default in April. We also got multiple MFAs for the root and the root email no longer tied to the underpants account. Thank you AWS folks! • If S3 is going to encrypt all objects by default, what are we going to argue about now? (Welcome move, one less dimension for customers to misconfigure) <a href="https://t.co/MDi6nLR4WM" target="_blank">aws.amazon.com/blogs/aws/amaz…</a> • ☁️ Cloud penetration testing: Not your typical internal penetration test <a href="https://twitter.com/sethsec" target="_blank">@sethsec</a> walks through how doing an internal (assume breach) cloud pen test is different than a typical pen test, with examples of increasingly useful things to look for <a href="https://t.co/vUvmhWFdX1" target="_blank">sethsec.blogspot.com/2022/12/cloud-…</a> • How about another real world attacker critique thread? <a href="https://twitter.com/ExpelSecurity" target="_blank">@ExpelSecurity</a> just published a great piece on an intrusion they took care of (Great work team). A thread. 🧵 <a href="https://t.co/KUeV8fdjtz" target="_blank">expel.com/blog/incident-…</a> • another year and still no fucking idea how to use mastodon • Devs: make it your new years resolution to serve OPTIONS at the edge. Your users in Australia and India will thank you. (It's very painful to use a modern SPA webapp and have dozens of round-trips each take an extra 250ms just for the preflights) <a href="https://t.co/Cu5myEqOHr" target="_blank">aws.amazon.com/blogs/networki…</a> • It's a small thing but the SEC opting not to refer to Elon Musk, even obliquely, as a founder of Tesla is hilarious (from <a href="https://twitter.com/matt_levine" target="_blank">@matt_levine</a>'s always excellent Money Stuff) • 😈 Attacker persistence in <a href="https://twitter.com/hashtag/Kubernetes" target="_blank">#Kubernetes</a> using the TokenRequest API The TokenRequest API can be used to create long-lived and hard-to-detect privileged access <a href="https://twitter.com/raesene" target="_blank">@raesene</a> on how attackers can abuse it &amp; how to detect misuse by monitoring k8s audit logs <a href="https://t.co/7Qeeh9szp5" target="_blank">securitylabs.datadoghq.com/articles/kuber…</a> • AWS Lambda function URLs + CloudFront is a pretty great combination. I've got a custom domain, TLS-enabled, WAF-protected, nearly-infinitely-scalable endpoint for like... $0.05/month. • Amazon S3 Encrypts New Objects By Default | Amazon Web Services • My Infrastructure as Code Rosetta Stone - Deploying the same web application on AWS ECS Fargate with CDK, Terraform and Pulumi • Updated whitepaper available: AWS Security Incident Response Guide • Amazon Neptune announces graph-explorer, an open-source visual exploration tool for low-code users • Amazon S3 will now encrypt all new data with AES-256 by default - BleepingComputer • Ring Car Cam extends Amazon's security footprint further beyond ... - GeekWire • AWS IP Ranges update for 2022-12-27 23:43:05 • AWS IP Ranges update for 2022-12-28 00:23:06