• Security Newsletter - Passwordstate password manager hacked. Emotet removing itself since Sunday. QNAP ransomware with 7zip.
• SRE Weekly Issue #267
• 📖 [The CloudSecList] Issue 84
• [tl;dr sec] #80 - Celleb-fight me, Hardening CI Infrastructure
• Review last accessed information to identify unused EC2, IAM, and Lambda permissions and tighten access for your IAM roles
• AWS Elemental MediaPackage - 4 updated methods
• Amazon ElastiCache - 15 updated methods
• Amazon Forecast Service - 3 updated methods
• AWS SecurityHub - 3 new 3 updated methods
• How to use AWS Secrets & Configuration Provider with your Kubernetes Secrets Store CSI driver
• Whitepaper available: Classic intrusion analysis frameworks for AWS environments
• Review last accessed information to identify unused EC2, IAM, and Lambda permissions and tighten access for your IAM roles
• 🔥 Continuous recon and vulnerability assessment using GitHub Actions @pdiscoveryio Domain ➡️ SubFinder - subdomain enum ➡️ Naabu - port scan ➡️ httpx - probe HTTP ➡️ nuclei - find CVEs ➡️ Slack/Discord/Telegram alerts #recon #bugbountytips github.com/projectdiscove…
• 1/ 🚀🚀🚀IAM actions last accessed by users or roles in your AWS account: in addition to S3 mgmt actions, you now can see when Amazon EC2, AWS IAM, and AWS Lambda actions were last used! Here I can see that I just attempted a DeleteRole & DeletePolicy in the #AWSIAM service:
• I've started working on probably the most ambitious blog post I’ve written so far. This time I’m going to publish a post containing a roadmap template for #CloudSecurity teams, created with knowledge gathered over the past few years and aligned with the @cloudsa CCM
• The other day I needed to hide an AWS account ID for a demo using the CLI, but couldn't find anything to help me do that - so I decided to write something myself! Replace arbitrary strings or patterns in your console output on demand with censor-shell 🤐 github.com/iann0036/censo…
• Today I am 0x20 years old 🥳
• 🛡️ Defend the Core: #Kubernetes Security at Every Layer Nice overview by @jimmesta, covering best practices at the following layers: * Kernel * Container * Workload (pod) * Networking * Nodes * Cluster components thenewstack.io/defend-the-cor…
• 🎬 And action! 🎬 IAM, EC2, and Lambda actions to be exact. You can now review action last accessed information for these services amzn.to/3sGzxcf (1/9).
• Cool CLI arg 😄
• There is now an AWSCompromisedKeyQuarantineV2. Looks like the primary change from V1 is stopping people from deleting S3 buckets and objects. 😮 I assumed AWS saw a problem of someone exfilling data or maybe encrypting it for ransom, but just deleting it? Yikes.
• Published a beta version of Pacu to pip. Follow the directions here (github.com/RhinoSecurityL…). Interested in testing it? Feedback welcome!
• Netflix Open Sources ConsoleMe to Manage Permissions and Access on AWS
• Amazon RDS for PostgreSQL Integrates with AWS Lambda
• AWS CLI --query option seems underappreciated
• AWSLambdaFullAccess policy is now gone, new policy called AWSLambda_FullAccess
• UI/UX: Table consistency request for the AWS team
• Exploiting vulnerabilities in Cellebrite UFED and Physical Analyzer from an app’s perspective
• Leaky John Deere API’s: Serious PII & Food Supply Chain Vulnerabilities Discovered In John Deere Website
• New Tool To Find & Fix Vulnerabilities in GSuite, O365, AWS and more
• Lacework expands native security support across AWS to protect cloud changes and workloads - Help Net Security
• Lacework Expands Security, Visibility and Automation Across Amazon Web Services - StreetInsider.com
• Trend Micro launches cloud security platform on AWS Marketplace - DataCenterNews North America

Monday, April 26, 2021

Review last accessed information to identify unused EC2, IAM, and Lambda permissions and tighten access for your IAM roles

Apr 19
IAM helps customers with capabilities to analyze access and achieve least privilege. When you are working on new permissions for your teams, you can use IAM Access Analyzer policy generation to create a policy based on your access activity and set fine-grained permissions. To analyze and refine existing permissions, you …

AWS Elemental MediaPackage - 4 updated methods

Apr 23
Add support for Widevine DRM on CMAF origin endpoints. Both Widevine and FairPlay DRMs can now be used simultaneously, with CBCS encryption.

Amazon ElastiCache - 15 updated methods

Apr 22
This release introduces log delivery of Redis slow log from Amazon ElastiCache.

Amazon Forecast Service - 3 updated methods

Apr 22
This release adds EstimatedTimeRemaining minutes field to the DescribeDatasetImportJob, DescribePredictor, DescribeForecast API response which denotes the time remaining to complete the job IN_PROGRESS.

AWS SecurityHub - 3 new 3 updated methods

Apr 22
Replaced the term "master" with "administrator". Added new actions to replace AcceptInvitation, GetMasterAccount, and DisassociateFromMasterAccount. In Member, replaced MasterId with AdministratorId.

How to use AWS Secrets & Configuration Provider with your Kubernetes Secrets Store CSI driver

Tracy Pierce · Apr 22
April 23, 2021: We’ve updated the commands in Steps 1 and 5 and in the “Additional Features” section. AWS Secrets Manager now enables you to securely retrieve secrets from AWS Secrets Manager for use in your Amazon Elastic Kubernetes Service (Amazon EKS) Kubernetes pods. With the launch of AWS Secrets …

Whitepaper available: Classic intrusion analysis frameworks for AWS environments

Tim Rains · Apr 21
Amazon Web Services (AWS) has released a new whitepaper, Classic intrusion analysis frameworks for AWS environments, to help organizations plan and implement a classic intrusion analysis framework for AWS environments. This whitepaper provides context that will help you understand how such frameworks are used and shows you, in detail, how …

Review last accessed information to identify unused EC2, IAM, and Lambda permissions and tighten access for your IAM roles

Mathangi Ramesh · Apr 20
AWS Identity and Access Management (IAM) helps customers analyze access and achieve least privilege. When you are working on new permissions for your team, you can use IAM Access Analyzer policy generation to create a policy based on your access activity and set fine-grained permissions. To analyze and refine existing …
Clint Gibler @clintgibler

🔥 Continuous recon and vulnerability assessment using GitHub Actions @pdiscoveryio

Domain
➡️ SubFinder - subdomain enum
➡️ Naabu - port scan
➡️ httpx - probe HTTP
➡️ nuclei - find CVEs
➡️ Slack/Discord/Telegram alerts

#recon #bugbountytips

github.com/projectdiscove…

56 · Apr 20 · 5:00 PM
Michael Chan @mchancloud

1/ 🚀🚀🚀IAM actions last accessed by users or roles in your AWS account: in addition to S3 mgmt actions, you now can see when Amazon EC2, AWS IAM, and AWS Lambda actions were last used! Here I can see that I just attempted a DeleteRole & DeletePolicy in the #AWSIAM service:

Jim Scharf @jim_scharf

More goodies to make it easier to pursue least privilege security for access to AWS. Here is an overview of the approach youtu.be/xuxUL8gwKJs - today the team widened the number of services supported.

27 · Apr 20 · 7:28 PM
Marco Lancini @lancinimarco

I've started working on probably the most ambitious blog post I’ve written so far. This time I’m going to publish a post containing a roadmap template for #CloudSecurity teams, created with knowledge gathered over the past few years and aligned with the @cloudsa CCM

6 · Apr 19 · 10:04 PM
Ian Mckay @iann0036

The other day I needed to hide an AWS account ID for a demo using the CLI, but couldn't find anything to help me do that - so I decided to write something myself!

Replace arbitrary strings or patterns in your console output on demand with censor-shell 🤐

github.com/iann0036/censo…

7 · Apr 22 · 5:43 PM
Clint Gibler @clintgibler

🛡️ Defend the Core: #Kubernetes Security at Every Layer

Nice overview by @jimmesta, covering best practices at the following layers:
* Kernel
* Container
* Workload (pod)
* Networking
* Nodes
* Cluster components

thenewstack.io/defend-the-cor…

10 · Apr 21 · 1:00 AM
Brigid Johnson @bjohnso5y

🎬 And action! 🎬 IAM, EC2, and Lambda actions to be exact. You can now review action last accessed information for these services amzn.to/3sGzxcf (1/9).

14 · Apr 22 · 1:59 AM
Scott Piper @0xdabbad00

There is now an AWSCompromisedKeyQuarantineV2. Looks like the primary change from V1 is stopping people from deleting S3 buckets and objects. 😮 I assumed AWS saw a problem of someone exfilling data or maybe encrypting it for ransom, but just deleting it? Yikes.

MAMIP - Monitor AWS Managed IAM Policies Changes @mamip_aws

AmazonDevOpsGuruServiceRolePolicy AWSCompromisedKeyQuarantineV2... github.com/z0ph/aws_manag…

6 · Apr 22 · 2:35 AM
Rhino Security Labs @RhinoSecurity

Published a beta version of Pacu to pip. Follow the directions here (github.com/RhinoSecurityL…). Interested in testing it? Feedback welcome!

12 · Apr 22 · 1:53 AM

AWS CLI --query option seems underappreciated

Full disclaimer, I wrote this article. Upon discovery of the --query option, I decided to research various techniques using the JMESPath syntax. My organization and some of my personal clients use `jq` to parse the AWS CLI command output.

I figured I'd write an article surfacing the research / methods …

AWSLambdaFullAccess policy is now gone, new policy called AWSLambda_FullAccess

Hi guys and girls,

My colleague just noticed this in our organization after we had some issues with applying some changes to a role, AWS decided a _ was much better for AWSLambdaFullAccess. If any of your applications are using the old naming convention for this policy it will refer …

UI/UX: Table consistency request for the AWS team

Maybe this is just me, but I would like to raise my hand and point out that the tables across all the AWS Console are very inconsistent. The sorting and width adjustment of columns is not consistent across all the AWS services that display data with tables.

I think it …

New Tool To Find & Fix Vulnerabilities in GSuite, O365, AWS and more

Hi Everyone,

There is a new tool that can help you to discover misconfiguration in your organization's cloud apps environments.

The onboarding is super easy (it took me less than 3min) and it checks for dozens of checks like:

  1. MFA / Strong Password Enforcement
  2. Public Files / Calendars / Buckets …