Security Newsletter - FBI removes Exchange web shells from hacked machines. US sanctions Russia for SolarWinds. Two zero-day Chromium issues.

• SRE Weekly Issue #266
• 📖 [The CloudSecList] Issue 83
• [tl;dr sec] #79 - Memory Safety FTW, Reference Architectures
• AWS Security Hub Automated Response and Remediation Solution adds support for AWS Foundational Security Best Practices standard
• Amazon Macie adds CloudWatch logging for job status and health monitoring of sensitive data discovery jobs
• AWS Identity and Access Management now makes it easier to relate a user's IAM role activity to their corporate identity
• Amazon GuardDuty Now Available in AWS Asia Pacific (Osaka) Region
• AWS Database Migration Service - 1 new, 4 updated methods
• AWS CodeStar connections - 1 updated method
• AWS MediaConnect - 5 updated methods
• AWS Comprehend Medical - 1 updated method
• How to use AWS IAM Access Analyzer API to automate detection of public access to AWS KMS keys
• How to relate IAM role activity to corporate identity
• Optimizing cloud governance on AWS: Integrating the NIST Cybersecurity Framework, AWS Cloud Adoption Framework, and AWS Well-Architected
• Generate IAM policies based on access activity
• Introducing cross-Region event routing with Amazon EventBridge | Amazon Web Services
• 🔥 Kubernetes Pentest Methodology: 1⃣ Dangerous RBAC configs (cyberark.com/resources/thre…) 2⃣ Black box, remote attack vectors (cyberark.com/resources/thre…) 3⃣ Internal attack vectors (container and network), where an attacker has a foothold on one of the pods (securityboulevard.com/2019/11/kubern…)
• 😰 Responsible for security but don't have the authority to get things fixed? @shehackspurple: Create a "risk sign-off sheet" (w/ the vulns & business impact) and ask leadership to sign it. Either they own the risk or give you authority to fix it. microsoft.com/security/blog/…
• My AWS Lambda functions beg to differ twitter.com/someinfosecguy…
• 1/ 📣📣📣🎉 Auditing who did what in AWS just got a lot easier! This new #AWSIAM attribute, SourceIdentity, allows you to easily track who is responsible for performing an action, and logs their activity in AWS CloudTrail.
• AWS says they didn't fix their IAM policies for the warnings from Access Analyzer policy validator because they think it's important to minimize the changes they do to policies. But also sometimes they update them just to alphabetize them. 🙃
• New sts:SourceIdentity concept when assuming roles in the SDK update today. docs.aws.amazon.com/IAM/latest/Use…
• How did I not know about this? This is awesome! cc: @rmogull @hhopk @0xdabbad00 @jcfarris
• This is the best article I’ve read on Kinesis streams and Lambda. Probably one of the best I’ve read on anything AWS. Well worth your time.
• This is going to open up a ton of new capabilities! Ex: third-party security services will no longer need to maintain EventBridge infrastructure in every AWS region just to collect events from all regions used by end-users. #cloud #security #aws #devops aws.amazon.com/blogs/compute/…
• Today’s #dogwalk
• AWS announced new open source projects: OpenSearch and OpenSearch Dashboard as ElasticSearch and Kibana clones
• AWS Identity and Access Management now makes it easier to relate a user's IAM role activity to their corporate identity
• us-east-1 down?
• Have to give a nod to Reachability Analyzer.
• Amazon Managed Service for Grafana (AMG) is now available in preview to all AWS customers.
• Valve Steam through 2021-04-10, when a Source engine game is installed, allows remote authenticated users to execute arbitrary code because of a buffer overflow that occurs for a Steam invite after one click.
• 1-click RCE in Telegram, Nextcloud, VLC, Libre-/OpenOffice, Bitcoin/Dogecoin Wallets, Wireshark and Mumble
• Opportunity for those residing in India to participate in a compensated interview study about purchasing digital training products for people on your team or your organization ($250 -$300 compensation)
• Zepp Health Moves To AWS to Power Global Expansion - Odessa American
• Trend Micro Offerings Are FedRAMP Authorized and Available on AWS - Security Boulevard
• Infection Monkey: Open source tool allows zero trust assessment of AWS environments - Help Net Security
Monday, April 19, 2021

AWS Security Hub Automated Response and Remediation Solution adds support for AWS Foundational Security Best Practices standard

Apr 15
The AWS Security Hub Automated Response and Remediation solution now supports 11 new AWS Foundational Security Best Practices controls.

Amazon Macie adds CloudWatch logging for job status and health monitoring of sensitive data discovery jobs

Apr 15
Amazon Macie now publishes job status and health logs to CloudWatch, providing you with continuous visibility into operations of your sensitive data discovery jobs to quickly identify, investigate, and address errors.

AWS Identity and Access Management now makes it easier to relate a user's IAM role activity to their corporate identity

Apr 13
AWS Identity and Access Management (IAM) now provides the ability to easily identify the user responsible for an AWS action performed while assuming an IAM role. By setting the new source identity attribute, which gets logged in AWS CloudTrail for most actions, you can easily find out who is responsible …

Amazon GuardDuty Now Available in AWS Asia Pacific (Osaka) Region

Apr 8
Amazon GuardDuty is now available in the AWS Asia Pacific (Osaka) Region. You can now continuously monitor and detect security threats in the region to help protect your AWS accounts, workloads, and data stored in Amazon S3.

AWS Database Migration Service - 1 new, 4 updated methods

Apr 15
AWS DMS added support for TLS on Kafka endpoints, and added a describe-endpoint-settings API for DMS endpoints.

AWS CodeStar connections - 1 updated method

Apr 14
This release adds tagging support for CodeStar Connections Host resources.

AWS MediaConnect - 5 updated methods

Apr 14
For flows that use Listener protocols, you can now easily locate an output's outbound IP address for a private internet. Additionally, MediaConnect now supports the Waiters feature that makes it easier to poll for the status of a flow until it reaches its desired state.

AWS Comprehend Medical - 1 updated method

Apr 13
The InferICD10CM API now returns TIME_EXPRESSION entities that refer to medical conditions.

How to use AWS IAM Access Analyzer API to automate detection of public access to AWS KMS keys

Yevgeniy Ilyin · Apr 15
In this blog post, I show you how to use AWS IAM Access Analyzer programmatically to automate the detection of public access to your resources in an AWS account. I also show you how to work with the Access Analyzer API, create an analyzer on your account and call specific …

How to relate IAM role activity to corporate identity

Tracy Pierce · Apr 13
April 14, 2021: In the section “Use the SourceIdentity attribute with identity federation,” we updated “AWS SSO” to “sign-in endpoint” for clarity. AWS Security Token Service (AWS STS) now offers customers the ability to specify a unique identity attribute for their workforce identities and applications when they assume an AWS …

Optimizing cloud governance on AWS: Integrating the NIST Cybersecurity Framework, AWS Cloud Adoption Framework, and AWS Well-Architected

Min Hyun · Apr 12
Your approach to security governance, risk management, and compliance can be an enabler to digital transformation and business agility. As more organizations progress in their digital transformation journey—empowered by cloud computing—security organizations and processes cannot simply participate, they must lead in that transformation. Today, many customers establish a security foundation …

Generate IAM policies based on access activity

Apr 7
You can now use IAM Access Analyzer to generate fine-grained policies based on your access activity found in your AWS CloudTrail.
Clint Gibler @clintgibler

🔥 Kubernetes Pentest Methodology

1⃣Dangerous RBAC configs
cyberark.com/resources/thre…

2⃣Black box, remote attack vectors
cyberark.com/resources/thre…

3⃣Internal attack vectors (container and network), where an attacker has a foothold on one of the pods
securityboulevard.com/2019/11/kubern…

76 · Apr 13 · 5:00 PM
Clint Gibler @clintgibler

😰 Responsible for security but don't have the authority to get things fixed?

@shehackspurple: Create a "risk sign-off sheet" (w/ the vulns & business impact) and ask leadership to sign it

Either they own the risk or give you authority to fix it

microsoft.com/security/blog/…

22 · Apr 12 · 9:00 PM
Kinnaird McQuade💥☁️ @kmcquade3

My AWS Lambda functions beg to differ twitter.com/someinfosecguy…

5279616e @someinfosecguy

The 👏 cloud 👏 is 👏 rarely 👏 cheaper 👏 than 👏 on-premise 👏

5 · Apr 14 · 5:47 AM
Michael Chan @mchancloud

1/ 📣📣📣🎉 Auditing who did what in AWS just got a lot easier! This new #AWSIAM attribute, SourceIdentity, allows you to easily track who is responsible for performing an action, and logs their activity in AWS CloudTrail.

AWS Identity @AWSIdentity

New! 🚀 AWS Identity & Access Management now makes it easier to relate a user's #AWSIAM role activity to their corporate identity. go.aws/3dg0e32

13 · Apr 14 · 3:36 PM
Scott Piper @0xdabbad00

AWS says they didn't fix their IAM policies for the warnings from Access Analyzer policy validator because they think it's important to minimize the changes they do to policies.
But also sometimes they update them just to alphabetize them. 🙃

7 · Apr 14 · 3:48 AM
Scott Piper @0xdabbad00

New sts:SourceIdentity concept when assuming roles in the SDK update today. docs.aws.amazon.com/IAM/latest/Use…

5 · Apr 14 · 12:08 AM
Aidan W Steele @__steele

This is the best article I’ve read on Kinesis streams and Lambda. Probably one of the best I’ve read on anything AWS. Well worth your time.

Anahit Pogosova @anahit_fi

If you have nothing to read over the holidays, here's a suggestion for you! ☺️ The second part of my guide to #AWS #Kinesis is finally here! Spoiler alert: it is featuring #Lambda and includes some new announcements from the #reInvent2020 🌟

dev.solita.fi/2020/12/21/kin…

2 · Apr 18 · 6:18 AM
Matt Fuller @matthewdfuller

This is going to open up a ton of new capabilities! Ex: third-party security services will no longer need to maintain EventBridge infrastructure in every AWS region just to collect events from all regions used by end-users. #cloud #security #aws #devops
aws.amazon.com/blogs/compute/…

10 · Apr 15 · 10:19 PM

AWS Identity and Access Management now makes it easier to relate a user's IAM role activity to their corporate identity

Auditing who did what in AWS just got a lot easier! This new AWS IAM attribute, SourceIdentity, allows you to easily track who is responsible for performing an action, and logs their activity in AWS CloudTrail. This attribute persists even across role assumptions (role-chaining). If you're federating your IdP directly …

us-east-1 down?

Looks like there’s actually something on the status page. We can’t launch any new instances. Is anyone else seeing issues?

Have to give a nod to Reachability Analyzer.

I have 99% of my AWS VPCs in Terraform, but something had changed recently that was stopping packets from us-west-2 to us-east-1. I know the normal pitfalls... and then I decided to spend $.20, .10 to confirm the failure and the other to confirm it was from a certain network path. …

Amazon Managed Service for Grafana (AMG) is now available in preview to all AWS customers.

AMG supports open source Grafana version 7.5, and customers can upgrade to Grafana Enterprise with a 30-day free trial via an AWS Marketplace subscription. Grafana Enterprise enables connections to popular third-party solutions including AppDynamics, DataDog, Dynatrace, MongoDB, New Relic, Oracle Database, ServiceNow, Snowflake, Splunk, and Wavefront.

https://console.aws.amazon.com/grafana/home?region=us-east-1#/

To learn …

Opportunity for those residing in India to participate in a compensated interview study about purchasing digital training products for people on your team or your organization ($250 -$300 compensation)

Hey everyone! I am part of a team that is conducting a study about digital training for cloud services & technologies. If you have ever helped purchase digital cloud trainings for people on your team or for your organization and are residing in India, we would love to talk to …