📣 Azure Security Best Practices (Sponsor)
Security is a key priority for any CISO of any organization with an extensive footprint in Azure. This cheat sheet provides actionable recommendations that can help you strengthen your Azure cloud security posture. We’ll explore detailed aspects of Azure best practices, from role-based access control (RBAC) to cloud security posture management, that you can adapt to secure your Azure subscriptions. Get the FREE cheat sheet
🥗 Appetizer
Hey folks,
Thanks for your feedback on last week's survey; your input is valuable for planning the year ahead.
Many of you inquired about supporting the newsletter's continuity. The best way to help is by sharing it with your friends and colleagues.
Also, if you're currently reading through the web-view, consider subscribing. It makes a big difference.
Bon appétit! 🍽️ Victor
🍔 AWS API Changes
- AWS Transfer Family - 2 updated methods - AWS Transfer Family now supports static IP addresses for SFTP & AS2 connectors and for async MDNs on AS2 servers.
- AmazonMWAA - 1 updated method - This Amazon MWAA feature release adds new fields to the CreateWebLoginToken response model. The new fields IamIdentity and AirflowIdentity let you match identities, as the Airflow identity is currently hashed to 64 characters.
- Amazon Keyspaces - 1 new, 4 updated methods - This release adds support for Multi-Region Replication with provisioned tables and Keyspaces auto scaling APIs.
📣 Elevate Your AWS Security with Prowler (Sponsor)
- Discover and secure critical AWS aspects with ease.
- Gain actionable insights and control over cloud workloads.
- Continuous, cutting-edge security measures.
- Trusted by leading orgs.
Ready to transform your AWS security? Start your free trial now.
🥣 Secret Sauce
Each week, we'll showcase your top AWS insights, focusing on AWS Security tricks and tips. Got a cool command-line hack, a clever console maneuver, or an awesome open-source tool? Send us your best tips for a shot at being featured in our upcoming issues.

LUCR-3 (Scattered Spider) AWS Data Theft Technique: Downloading files via CloudShell (often secrets scraped from SecretsManager). Watch for GetFileDownloadUrls (uncommon event in most environments).
Ian Ahl, Permiso Security, @TekDefense
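To turn the tip above into something you can run against CloudTrail, here is an added hunting script (my example, not part of the newsletter or Permiso's tooling). It looks for the GetFileDownloadUrls event, then counts how many Secrets Manager reads the same principal made in the preceding 30 minutes, since the tip describes downloads that follow secret scraping. The CloudTrail records are constructed sample data; the `cloudshell.amazonaws.com` event source value in them is my assumption, and the check keys on eventName only. Field names follow the standard CloudTrail record schema.

```python
"""Hunt CloudTrail for CloudShell file downloads (GetFileDownloadUrls) and
correlate them with recent Secrets Manager reads by the same principal.
Example code only; the records below are constructed, not real logs."""
import json
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed CloudTrail-style records. Only the fields the checks use are
# populated; the cloudshell.amazonaws.com eventSource is an assumption.
SAMPLE_CLOUDTRAIL = json.dumps({"Records": [
    {"eventTime": "2024-01-20T10:01:00Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "GetSecretValue", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/AdminRole/alice"}},
    {"eventTime": "2024-01-20T10:03:00Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "GetSecretValue", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/AdminRole/alice"}},
    {"eventTime": "2024-01-20T10:12:00Z", "eventSource": "cloudshell.amazonaws.com",
     "eventName": "GetFileDownloadUrls", "sourceIPAddress": "203.0.113.10",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/AdminRole/alice"}},
    {"eventTime": "2024-01-20T11:30:00Z", "eventSource": "cloudshell.amazonaws.com",
     "eventName": "GetFileDownloadUrls", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"}},
    {"eventTime": "2024-01-20T11:31:00Z", "eventSource": "cloudshell.amazonaws.com",
     "eventName": "CreateEnvironment", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/bob"}},
]})

WATCHED_EVENT = "GetFileDownloadUrls"                      # from the tip
SECRET_READ_EVENTS = {"GetSecretValue", "BatchGetSecretValue"}


def parse_time(s):
    """CloudTrail eventTime is ISO 8601 in UTC with a trailing Z."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%SZ")


def load_records(cloudtrail_json):
    """Parse a CloudTrail log file body ({"Records": [...]})."""
    return json.loads(cloudtrail_json)["Records"]


def principal(rec):
    return rec.get("userIdentity", {}).get("arn", "unknown")


def find_downloads(records):
    """Every GetFileDownloadUrls call, oldest first."""
    hits = [r for r in records if r.get("eventName") == WATCHED_EVENT]
    return sorted(hits, key=lambda r: r["eventTime"])


def correlate_secret_reads(records, window=timedelta(minutes=30)):
    """For each download, count Secrets Manager reads by the same principal
    in the preceding window. Any non-zero count matches the sequence the tip
    describes and is escalated; a lone download is still worth a look because
    the event is rare in most environments."""
    reads = defaultdict(list)
    for r in records:
        if r.get("eventName") in SECRET_READ_EVENTS:
            reads[principal(r)].append(parse_time(r["eventTime"]))

    findings = []
    for d in find_downloads(records):
        t = parse_time(d["eventTime"])
        who = principal(d)
        n = sum(1 for rt in reads[who] if t - window <= rt <= t)
        findings.append({
            "time": d["eventTime"],
            "principal": who,
            "source_ip": d.get("sourceIPAddress"),
            "secret_reads_before": n,
            "severity": "high" if n else "medium",
        })
    return findings


if __name__ == "__main__":
    for finding in correlate_secret_reads(load_records(SAMPLE_CLOUDTRAIL)):
        print(finding)
```

On the sample data this reports two findings: the assumed role that read two secrets and then downloaded files (high) and a user who only downloaded (medium). In practice you would feed it the decompressed CloudTrail objects from your log bucket or run the equivalent filter in CloudTrail Lake or your SIEM, and baseline which principals legitimately use CloudShell downloads before alerting.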
☕︎ CloudFormation Updates
🍪 Amazon Linux CVEs
This section will show you the latest (Important and Critical) CVEs on Amazon Linux.

Amazon Linux 2023
- ALAS-2024-485 (important): java-21-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20945, CVE-2024-20952
- ALAS-2024-484 (important): java-11-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
- ALAS-2024-483 (important): java-17-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952
- ALAS-2024-482 (important): java-1.8.0-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952

Amazon Linux 2
- ALAS-2024-2415 (important): java-17-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20932, CVE-2024-20945, CVE-2024-20952
- ALAS-2024-2414 (important): java-11-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20922, CVE-2024-20923, CVE-2024-20925, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
- ALASCORRETTO8-2024-009 (important): java-1.8.0-amazon-corretto - CVE-2024-20918, CVE-2024-20919, CVE-2024-20921, CVE-2024-20926, CVE-2024-20945, CVE-2024-20952
👾 r/aws (Security flair only)
🗯️ Enjoying our updates? Share your thoughts!
📢 Gain visibility for your brand by sponsoring our content
💌 If you have any suggestions for future topics, let us know