Security Newsletter - Breaches, patches, and hacking cars through their headlights. • [tl;dr sec] #177 - AWS KMS Threat Model, DOM Invader • Amazon Chime SDK Voice - 5 updated methods • AWS MediaConnect - 20 new 7 updated methods • AWS Ground Station - 4 updated methods • AWS Security Profile: Ryan Dsouza, Principal Solutions Architect • Scale your authorization needs for Secrets Manager using ABAC with IAM Identity Center • Investigate security events by using AWS CloudTrail Lake advanced queries • AWS Security Profile: Matt Luttrell, Principal Solutions Architect for AWS Identity • mediaconnect: 22 new actions, 3 new resources • ssm-contacts: 1 new action • inspector2: 5 new actions • Use Amazon CodeWhisperer for Your AWS Security • NGINX vs Apache : A Comparison of Web Servers • Network Traffic Security With AWS VPC • Announcing New Tools for Building with Generative AI on AWS • I Built an AWS Well-Architected Chatbot with ChatGPT. Here's How I Approached It • Generative AI comes to Amazon Web Services • A site to easily copy from the MANY aws icons (link in comments) • Infor Continues to Grow its Healthcare Relationship with AWS - PR Newswire • Permiso Discovers Smishing Attack to Steal AWS Credentials - Security Boulevard

ASD Logo

17
Monday April, 2023

📣 Sponsor

bucketAV scans S3 buckets for viruses, worms, and trojans. bucketAV detects malware in real-time, periodically, or on-demand.

  • Data Protection: Scan your data with virtual machines running in your AWS account - no need to transfer data to an external service.
  • Simple: Get started within 15 minutes with the help of our setup guide and auto-installer based on AWS CloudFormation.
  • Scalable: Scan as many files as needed. bucketAV scales automatically. That's ensuring cost efficiency even for spiky workloads.

Try bucketAV for free!

🐿 In a nutshell

Episode 2 of the Twitter API Saga: Between Friday and Saturday, all of my AWS Twitter bots API keys were suspended with a notice by email and a warning message on dev portal.

They roll back the decision a few hours later, and the warning message is gone.

I can't imagine the chaos inside Twitter ATM 😰

🔦 Highlight of the week

  1. Intro to forensics in the cloud: A container was compromised. What’s next?
  2. The Unholy Marriage of AWS IAM Roles and Instance Profiles
  3. Real-World Detection Evasion Techniques in the Cloud

📢 MAMIP (Monitor AWS Managed IAM Policies)

Policies changed since last week (11):

Weekly diff

🪖 Army of AWS Bots: MAMIP / MASE / MGDA / MIRA

Newsletters
Security Newsletter - Breaches, patches, and hacking cars through their headlights.
Dieter Van der StockApr 14
[tl;dr sec] #177 - AWS KMS Threat Model, DOM Invader
Clint at tl;dr secApr 13
AWS API Changes
Amazon Chime SDK Voice - 5 updated methods
Apr 13
This release adds tagging support for Voice Connectors and SIP Media Applications
AWS MediaConnect - 20 new 7 updated methods
Apr 13
Gateway is a new feature of AWS Elemental MediaConnect. Gateway allows the deployment of on-premises resources for the purpose of transporting live video to and from the AWS Cloud.
AWS Ground Station - 4 updated methods
Apr 12
AWS Ground Station Wideband DigIF GA Release

📣 Sponsor

Are you suffering from FOMO syndrome (Fear of missing out) when it comes to the latest news and trends in the AWS Security landscape? Fear not! Our AWS Security Digest Newsletter has got you covered.

We are excited to announce that sponsorship opportunities are still available for the end of May and June issues of our newsletter. This is a great chance to reach our engaged audience of AWS Security professionals and showcase your products and services.

Let us know, drop us a line!

AWS Security Blog
AWS Security Profile: Ryan Dsouza, Principal Solutions Architect
Maddie BaconApr 14
In the AWS Security Profile series, I interview some of the humans who work in Amazon Web Services Security and help keep our customers safe and secure. This interview is with Ryan Dsouza, Principal Solutions Architect for industrial internet of things (IIoT) security.  How long have you been at AWS …
Scale your authorization needs for Secrets Manager using ABAC with IAM Identity Center
Aravind GopaluniApr 14
With AWS Secrets Manager, you can securely store, manage, retrieve, and rotate the secrets required for your applications and services running on AWS. A secret can be a password, API key, OAuth token, or other type of credential used for authentication purposes. You can control access to secrets in Secrets …
Investigate security events by using AWS CloudTrail Lake advanced queries
Rodrigo FerroniApr 13
This blog post shows you how to use AWS CloudTrail Lake capabilities to investigate CloudTrail activity across AWS Organizations in response to a security incident scenario. We will walk you through two security-related scenarios while we investigate CloudTrail activity. The method described in this post will help you with the …
AWS Security Profile: Matt Luttrell, Principal Solutions Architect for AWS Identity
Maddie BaconApr 12
In the AWS Security Profile series, I interview some of the humans who work in Amazon Web Services Security and help keep our customers safe and secure. In this profile, I interviewed Matt Luttrell, Principal Solutions Architect for AWS Identity. How long have you been at AWS and what do you …
IAM Permission Changes
mediaconnect: 22 new actions, 3 new resources
Apr 15
22 new actions: AddBridgeOutputs (Grants permission to add outputs to an existing bridge), AddBridgeSources (Grants permission to add sources to an existing bridge), CreateBridge (Grants permission to create bridges), CreateGateway (Grants permission to create gateways), DeleteBridge (Grants permission to delete bridges), DeleteGateway (Grants permission to delete gateways), DeregisterGatewayInstance (Grants permission …
ssm-contacts: 1 new action
Apr 15
1 new action: ListPageResolutions (Grants permission to list the resolution path of an engagement)
inspector2: 5 new actions
Apr 15
5 new actions: BatchGetMemberEc2DeepInspectionStatus (Grants permission to delegated administrator to retrieve ec2 deep inspection status of member accounts), BatchUpdateMemberEc2DeepInspectionStatus (Grants permission to update ec2 deep inspection status by delegated administrator for its associated member accounts), GetEc2DeepInspectionConfiguration (Grants permission to retrieve ec2 deep inspection configuration for standalone accounts, delegated administrator and …
Dev.to #aws, security
Use Amazon CodeWhisperer for Your AWS Security
#aws #security #devops
NGINX vs Apache : A Comparison of Web Servers
#nginx #apache #aws
Network Traffic Security With AWS VPC
#aws #security #networking
r/aws
Announcing New Tools for Building with Generative AI on AWS
15313aws.amazon.com
I Built an AWS Well-Architected Chatbot with ChatGPT. Here's How I Approached It
11913buildon.aws
Generative AI comes to Amazon Web Services
11212arstechnica.com
A site to easily copy from the MANY aws icons (link in comments)
6811
"AWS Security" on Google News
Infor Continues to Grow its Healthcare Relationship with AWS - PR Newswire
PR NewswireApril 17
Permiso Discovers Smishing Attack to Steal AWS Credentials - Security Boulevard
Security BoulevardApril 14
  • 🖊️ Don't miss out on the latest industry insights - stay ahead of the game by subscribing
  • 📢 Gain visibility for your brand by sponsoring our content
  • 💌 If you have any suggestions for future topics, let us know