Security Newsletter - Hacking group used 11 zero days in a year. FBI values US losses to cybercrime in 2020 at $4.2 billion. • SRE Weekly Issue #262 • 📖 [The CloudSecList] Issue 79 • [tl;dr sec] #75 - IAM Least Privilege at Speed, Spectre • New AWS SSO gallery app simplifies Azure AD set-up with AWS • IAM Access Analyzer now supports over 100 policy checks with actionable recommendations to help you author secure and functional policies • Approaches for authenticating external applications in a machine-to-machine scenario • How to scale your authorization needs by using attribute-based access control with S3 • Expanded policy validation options • IAM Access Analyzer Update – Policy Validation | Amazon Web Services

⭐ Auto Promotion ⭐

  • Lately, I've tested AWS Access Analyzer Policy Validation against all 837 AWS Managed Policies.

Monday, March 22, 2021

New AWS SSO gallery app simplifies Azure AD set-up with AWS

The new AWS Single Sign-On (SSO) app, found in the Azure Active Directory app gallery, makes it easier to use your Azure AD identities for sign-in across multiple AWS accounts and AWS SSO integrated applications. Customers who want a centralized way to manage Azure AD users and groups across AWS …

IAM Access Analyzer now supports over 100 policy checks with actionable recommendations to help you author secure and functional policies

AWS Identity and Access Management (IAM) Access Analyzer makes it easier to implement least privilege permissions by analyzing resource policies to provide provable security and help you identify unintended public or cross-account access. A recent update allows you to validate public and cross-account access before deploying permissions changes. Now, we …

Approaches for authenticating external applications in a machine-to-machine scenario

Patrick Sard · Mar 19
Amazon Web Services (AWS) supports multiple authentication mechanisms (AWS Signature v4, OpenID Connect, SAML 2.0, and more), essential in providing secure access to AWS resources. However, in a strictly machine-to-machine (m2m) scenario, not all are a good fit. In these cases, a human is not present to provide user …

How to scale your authorization needs by using attribute-based access control with S3

Koen van Blijderveen · Mar 18
In this blog post, we show you how to scale your Amazon Simple Storage Service (Amazon S3) authorization strategy as an alternative to using path based authorization. You are going to combine attribute-based access control (ABAC) using AWS Identity and Access Management (IAM) with a standard Active Directory Federation Services …

Expanded policy validation options

Mar 15
Expanded policy validation available in the IAM console, AWS API, and AWS CLI using policy checks in IAM Access Analyzer to help you author secure and functional JSON policies.
Brigid Johnson @bjohnso5y

Authoring secure and functional policies just got a lot easier with over 100 policy checks from Access Analyzer. Here is why this launch 🚀is a game changer (1/12)

22 · Mar 17 · 12:00 AM
Clint Gibler @clintgibler

🐋 Docker Security Cheat Sheet by @owasp

* 11 rules to follow
* Relevant static analysis tools
* + a number of useful reference articles

cheatsheetseries.owasp.org/cheatsheets/Do…

30 · Mar 15 · 6:00 PM
Scott Piper @0xdabbad00

A little over a year ago, Parliament (a tool I built with @duo_labs) was released. For the projects I maintain, the outcome I most hope for is that AWS puts me out of business so to speak. Awesome to see AWS building this functionality. duo.com/blog/an-aws-ia…

Jeff Barr ☁️ (@ 🏠 ) @jeffbarr

IAM Access Analyzer Update – Policy Validation - aws.amazon.com/blogs/aws/iam-… #AWS

14 · Mar 17 · 2:46 AM
Ian Mckay @iann0036

So #AWS FIS is now out 😍

This is a really cool service to allow you to test your resiliency; of particular interest is the fine-grained targeting allowing you to simulate specific app or AZ failures.

10 · Mar 16 · 12:46 AM
Marco Lancini @lancinimarco

Just blogged: "Security Logging in Cloud Environments - GCP" - How to design a state of the art multi-account security logging platform, this time in @googlecloud.
marcolancini.it/2021/blog-secu…

21 · Mar 17 · 9:42 PM
Victor GRENU @zoph

Following the release of AWS Access Analyzer - Policy Validation, I wanted to follow the principle of "Eating your own dog food". So, I've analyzed all 837 AWS Managed Policies provided by AWS themselves.

aws.amazon.com/blogs/aws/iam-…

Thread ⬇️

12 · Mar 22 · 10:37 AM
Scott Piper @0xdabbad00

This is amazing on many levels: having the needed logs and ability to trace this issue, being able to track down a rarely expressed race condition, recognizing the need to take nuclear action and pulling the trigger, and more. Awesome job, GitHub folks.

GitHub @github

As a follow-up to our March 8, 2021 announcement about logging out all GitHub users, we're sharing the details of how we found and fixed the rare race condition in our session handling.

github.blog/2021-03-18-how…

8 · Mar 21 · 9:11 PM
Aidan W Steele @__steele

Feature request: AWS Athena to support S3 access points, so we can take advantage of this in Athena queries 😍

Danilo Poccia @danilop

This is so cool, so many use cases 👉 Introducing Amazon S3 Object Lambda – Use Your Code to Process Data as It Is Being Retrieved from S3 ✍️ buff.ly/3eWOlQC #AWS #Storage #Serverless

6 · Mar 18 · 7:26 PM
Aidan W Steele @__steele

A use case for that new Lambda-modifying-S3-objects-inflight service:

Back in 2014 I learned that a) ZIP archives use CRC-32 for integrity and b) CRC-32s can be reversed using Tricky Maths™, so I could modify a file inside a ZIP without corrupting it. Time for shenanigans.

1/8

5 · Mar 19 · 9:43 AM
Clint Gibler @clintgibler

☁️ HackingThe.Cloud by @Frichette_n

> An encyclopedia of attacks/tactics/techniques that offensive security professionals can use

Currently covers for AWS:
* General knowledge
* Enumeration
* (Post) Exploitation
* Avoiding detection

hackingthe.cloud/aws/

5 · Mar 16 · 6:00 PM