• Security Newsletter - Pwn2Own results. Rust moving into the Android OS. Microsoft cyber wargames simulator.
• SRE Weekly Issue #265
• 📖 [The CloudSecList] Issue 82
• [tl;dr sec] #78 - Scaling Threat Modeling at Segment, Bootstrapping vs VCs
• AWS Notification Message
• Amazon GuardDuty Now Available in AWS Asia Pacific (Osaka) Region
• IAM Access Analyzer makes it easier to implement least privilege permissions by generating IAM policies based on access activity
• Amazon Macie now available in AWS Asia Pacific (Osaka) Region
• Amazon Redshift - 1 updated method
• Amazon AppStream - 1 new, 7 updated methods
• Auto Scaling - 3 new, 2 updated methods
• Amazon Lookout for Equipment - 22 new methods
• How to set up a two-way integration between AWS Security Hub and ServiceNow
• IAM Access Analyzer makes it easier to implement least privilege permissions by generating IAM policies based on access activity
• Audit companion for the AWS PCI DSS Quick Start
• AWS Verified, episode 4: How Lockheed Martin embeds security
• A positive security culture sets your business up for continuous progress. Check out this @WSJ article for more of @AWSSecurityInfo’s thinking on this: partners.wsj.com/aws/reinventin…
• 🍪IAM Access Analyzer has a new treat for all you permission setters out there in #AWS land.🍪Now, Access Analyzer generates policies based on your CloudTrail activity. (1/11) amzn.to/3wzIJlR
• 🌩️ #AWS CTF - happening now! Put your cloud skills to the test in @Hacker0x01's first-ever AWS CTF, running today through April 12th. Learn how to: * Escalate privileges through SSRF * Elevate your access by exploiting misconfigurations of AWS services. hackerone.com/hack-alongside…
• ☁️ KICS: Another static analysis tool for infrastructure as code. Supports: * Terraform * Kubernetes * Docker * CloudFormation * Ansible * Helm. github.com/Checkmarx/kics
• It's now been 218 days since this was reported to AWS (172 days since public). Is AWS ever going to fix this? This is their side of the shared responsibility model.
• 🧵Discovered something interesting. AWS released two new fields in the CloudTrail logs earlier this year (in Jan '21): * sessionCredentialFromConsole * tlsDetails. The latter shows whether or not an event originated from an AWS Console session. Docs: docs.aws.amazon.com/awscloudtrail/…
• Cloudsplaining 0.4.0 is now released! It supports scanning multiple AWS accounts for excessive AWS IAM privileges in a single command. You just edit a YAML file that specifies the AWS accounts, and run the `scan-multi-account` command. 😀 Documentation: cloudsplaining.readthedocs.io/en/latest/user…
• 1/ 📣📣📣👉🏾 Federating with AWS IAM vs AWS SSO: let’s clear up a misconception on federating into AWS accounts. You can federate directly from your IdP to each AWS account via the AWS IAM service. @AWSIdentity
• Regarding that Facebook scrape: I'm surprised it took this long to blow up. I tried reporting this to Facebook 7 years ago and the response was basically "working as designed". I was able to query ~70K phone numbers a minute. As high as 20% hit rate in NYC area codes.
• Hey check out my latest blog on SMTP abuse in AWS crowdstrike.com/blog/how-to-ha…
• I built a tool which automatically suggests least-privilege IAM policies
• FBI arrests man for plan to kill 70% of Internet in AWS bomb attack
• Amazon EC2 Auto Scaling introduces Warm Pools to accelerate scale out while saving money
• Lessons I learnt about S3 presigned URLs
• IAM Access Analyzer makes it easier to implement least privilege permissions by generating IAM policies based on access activity
• Breaking GitHub Private Pages for $35k
• BleedingTooth: Linux Bluetooth Zero-Click Remote Code Execution
• Help Wanted: Cloud-based WAF testing
• Top 10 Security Companies on AWS, According to Security and IT Pros - Business Insider
• FBI arrests man for plan to kill “70% of Internet” in AWS bomb attack - BleepingComputer
• Extending NDR visibility in AWS IaaS - Security Boulevard
Monday, April 12, 2021

Amazon GuardDuty Now Available in AWS Asia Pacific (Osaka) Region

Apr 8
Amazon GuardDuty is now available in the AWS Asia Pacific (Osaka) Region. You can now continuously monitor and detect security threats in the region to help protect your AWS accounts, workloads, and data stored in Amazon S3.
https://aws.amazon.com/about-aws/whats-new/2021/04/amazon-guardduty-now-available-in-aws-asia-pacific-osaka-region/

IAM Access Analyzer makes it easier to implement least privilege permissions by generating IAM policies based on access activity

Apr 7
When we launched IAM Access Analyzer, we started by helping you remove unintended public and cross account access by analyzing your existing permissions. Recently, IAM Access Analyzer added policy validation to help you set secure and functional permissions during policy authoring. Now, we are taking that a step further and …

Amazon Macie now available in AWS Asia Pacific (Osaka) Region

Apr 5
Amazon Macie is now available in AWS Asia Pacific (Osaka) Region. You can now discover sensitive data stored in this region to help protect your AWS workloads and data in Amazon S3.
https://aws.amazon.com/about-aws/whats-new/2021/04/amazon-macie-now-available-in-aws-asia-pacific-osaka-region/

Amazon Redshift - 1 updated method

Apr 9
Add support for case sensitive table level restore

Amazon AppStream - 1 new, 7 updated methods

Apr 8
This release provides support for image updates

Auto Scaling - 3 new, 2 updated methods

Apr 8
Amazon EC2 Auto Scaling announces Warm Pools that help applications to scale out faster by pre-initializing EC2 instances and save money by requiring fewer continuously running instances

Amazon Lookout for Equipment - 22 new methods

Apr 8
This release introduces support for Amazon Lookout for Equipment.

How to set up a two-way integration between AWS Security Hub and ServiceNow

Ramesh Venkataraman · Apr 9
If you use both AWS Security Hub and ServiceNow, the new AWS Service Management Connector for ServiceNow integration enables you to provision, manage, and operate your AWS resources natively through ServiceNow. In this blog post, I’ll show you how to set up the new two-way integration of Security Hub and …

IAM Access Analyzer makes it easier to implement least privilege permissions by generating IAM policies based on access activity

Mathangi Ramesh · Apr 7
In 2019, AWS Identity and Access Management (IAM) Access Analyzer was launched to help you remove unintended public and cross account access by analyzing your existing permissions. In March 2021, IAM Access Analyzer added policy validation to help you set secure and functional permissions during policy authoring. Now, IAM Access …

Audit companion for the AWS PCI DSS Quick Start

Avik Mukherjee · Apr 6
If you’ve supported a Payment Card Industry Data Security Standard (PCI DSS) assessment as a Qualified Security Assessor (QSA) or as a technical team facing an assessment, it’s likely that you spent a lot of time collecting and analyzing evidence against PCI DSS requirements. In this blog post, I show …

AWS Verified, episode 4: How Lockheed Martin embeds security

Stephen Schmidt · Apr 5
Last year Amazon Web Services (AWS) launched a new video series, AWS Verified, where we talk to global cybersecurity leaders about important issues, such as how the pandemic is impacting cloud security, how to create a culture of security, and emerging security trends. Today I’m happy to share the latest …
stephenschmidt @StephenSchmidt

A positive security culture sets your business up for continuous progress. Check out this @WSJ article for more of @AWSSecurityInfo’s thinking on this: partners.wsj.com/aws/reinventin…

55 · Apr 06 · 8:10 PM
Brigid Johnson @bjohnso5y

🍪IAM Access Analyzer has a new treat for all you permission setters out there in #AWS land.🍪Now, Access Analyzer generates policies based on your CloudTrail activity. (1/11)
amzn.to/3wzIJlR

139 · Apr 07 · 10:47 PM
Clint Gibler @clintgibler

🌩️ #AWS CTF - happening now!

Put your cloud skills to the test in @Hacker0x01's first-ever AWS CTF, running today through April 12th

Learn how to:
* Escalate privileges through SSRF
* Elevate your access by exploiting misconfigurations of AWS services

hackerone.com/hack-alongside…

51 · Apr 05 · 7:00 PM
Clint Gibler @clintgibler

☁️ KICS

Another static analysis tool for infrastructure as code

Supports:
* Terraform
* Kubernetes
* Docker
* CloudFormation
* Ansible
* Helm

github.com/Checkmarx/kics

33 · Apr 05 · 11:00 PM
Scott Piper @0xdabbad00

It's now been 218 days since this was reported to AWS (172 days since public). Is AWS ever going to fix this? This is their side of the shared responsibility model.

Nick Frichette @Frichette_n

I recently found a bug in the AWS API that allows you to enumerate certain permissions for a role without logging to CloudTrail. It affects 645 actions in 40 AWS services. In this thread I'll provide a short tl;dr.

frichetten.com/blog/aws-api-e…

18 · Apr 08 · 10:41 PM
Kinnaird McQuade💥☁️ @kmcquade3

🧵Discovered something interesting. AWS released two new fields in the CloudTrail logs earlier this year (in Jan '21):
* sessionCredentialFromConsole
* tlsDetails

The latter shows whether or not an event originated from an AWS Console session.

Docs: docs.aws.amazon.com/awscloudtrail/…

12 · Apr 09 · 6:53 PM
Kinnaird McQuade💥☁️ @kmcquade3

Cloudsplaining 0.4.0 is now released! It supports scanning multiple AWS accounts for excessive AWS IAM privileges in a single command.

You just edit a YAML file that specifies the AWS accounts, and run the `scan-multi-account` command. 😀

Documentation: cloudsplaining.readthedocs.io/en/latest/user…

10 · Apr 07 · 6:12 PM
Michael Chan @mchancloud

1/ 📣📣📣👉🏾 Federating with AWS IAM vs AWS SSO: let’s clear up a misconception on federating into AWS accounts. You can federate directly from your IdP to each AWS account via the AWS IAM service. @AWSIdentity

11 · Apr 07 · 5:26 PM
Aidan W Steele @__steele

Regarding that Facebook scrape: I'm surprised it took this long to blow up. I tried reporting this to Facebook 7 years ago and the response was basically "working as designed".

I was able to query ~70K phone numbers a minute. As high as 20% hit rate in NYC area codes.

14 · Apr 09 · 6:21 AM

I built a tool which automatically suggests least-privilege IAM policies

I'm building iam-zero, a tool which detects IAM issues and suggests least-privilege policies.

It uses an instrumentation layer to capture AWS API calls made in botocore and other AWS SDKs (including the official CLI) and send alerts to a collector - similar to how Sentry, Rollbar, etc capture errors in …

Lessons I learnt about S3 presigned URLs

While writing an IAM Policy to allow a Lambda Function to create pre-signed S3 URLs, I was struggling to find the right permissions for the getSignedUrl action. 🙇‍♀️

Then I remembered anyone with valid credentials can create a pre-signed URL!

Anyone with valid AWS security credentials can create a pre-signed URL. …

IAM Access Analyzer makes it easier to implement least privilege permissions by generating IAM policies based on access activity

You can now use IAM Access Analyzer to generate fine-grained policies, based on your access activity in your AWS CloudTrail logs. When you request a policy, IAM Access Analyzer gets to work and identifies your activity from CloudTrail logs to generate a policy. The generated policy grants only the required …

Help Wanted: Cloud-based WAF testing

Hello All,

I am gathering some information for Cloud-based WAF testing and validation. My company is in the testing phase for a major vendor, and we're seeking input from industry professionals on which providers they would like to see in the WAF testing.

The end goal is to provide public …