SRE Weekly Issue #355 • [tl;dr sec] #164 - Becoming Phishless, Machine Learning • AWS Clean Rooms Service - 34 new methods • AWS Lambda - 5 updated methods • AWS Elemental MediaConvert - 11 updated methods • AWSKendraFrontendService - 1 updated methods • Three key security themes from AWS re:Invent 2022 • Recap to security, identity, and compliance sessions at AWS re:Invent 2022 • elasticmapreduce: 1 new action • cleanrooms: 34 new actions, 4 new resources • iam: 11 new actions • Taking The New Secrets Manager Lambda Extension For a Spin • Update detected · z0ph/MAMIP@55573d4 • CircleCI incident report for January 4, 2023 security incident • the call i'm on just called a floppy disk "the save icon" and i guess i'll go die of old age now • ✅ How to *actually* roll out YubiKeys/WebAuthN Industry advice is to "just do it" But it's actually really hard in practice 8 resources on lessons learned from companies who've done it 🧵 • 🦀 Memory Safe Languages in Android 13 To date, 0 memory safety vulns in Android’s Rust code Historical vulnerability density is &gt;1/kLOC in C/C++ components → Rust has already prevented 100s of vulns By <a href="https://twitter.com/jeffvanderstoep" target="_blank">@jeffvanderstoep</a> <a href="https://t.co/DzpULTSoCC" target="_blank">security.googleblog.com/2022/12/memory…</a> • My neighbor works in finance and is required to take a minimum amount of no-contact PTO every year. It ensures there's organizational resilience and it's even seen as a check on fraud. Unlimited PTO would be better with measures like that included ... enforce a minimum. • If you're interested in permissions management and authorization, check out my new blog post on the new Cedar language - currently integrated into Amazon Verified Permissions and <a href="https://twitter.com/hashtag/AWS" target="_blank">#AWS</a> Verified Access, and more in the future. 🌲🔐 <a href="https://t.co/CSkuNrhmx5" target="_blank">onecloudplease.com/blog/cedar-a-n…</a> • How many different AWS phishing vectors are you aware of? I found four - anything I missed? <a href="https://t.co/bjot6aF0cP" target="_blank">ramimac.me/aws-phishing</a> • 12 years clean and sober today 😊 • Do you work somewhere that uses Github Enterprise Cloud, but doesn't use GitHub Actions OIDC because it's not possible for AWS org admins to lock down role creation to only your GitHub Enterprise? I wrote this for you. ✨Fancy✨ screenshot for the tl;dr <a href="https://t.co/122SRICQXx" target="_blank">awsteele.com/blog/2023/01/1…</a> • A good example of threat lists in CI/CD: <a href="https://t.co/m0QBo5DmY0" target="_blank">storage.googleapis.com/prd-engineerin…</a> This 👆 is part of the worth-reading article: <a href="https://t.co/x9kN1KQpe5" target="_blank">engineering.mercari.com/en/blog/entry/…</a> by <a href="https://twitter.com/MercariDev" target="_blank">@MercariDev</a> • “Just use Kubernetes” 🙄 • AWS Lambda now supports Maximum Concurrency for Amazon SQS as an event source • META: How do we feel about the blog "spam?" • AWS Network Firewall adds support for reject action for TCP traffic • AWS Clean Rooms is now available in preview • Accelerate FedRAMP Compliance with Amazon Web Services (AWS) - Security Boulevard • AWS security heads offer top cybersecurity predictions for 2023 - VentureBeat • AWS IP Ranges update for 2023-01-05 06:03:06 • AWS IP Ranges update for 2023-01-05 07:43:09