
February 24, 2025
🥖 Palette Cleanser
If this week in AWS security had a soundtrack, it’d be a mix of sirens, nervous laughter, and the Mission Impossible theme playing on loop. IAM usernames are getting exposed, attackers are seeing AWS misconfigurations as an all-you-can-hack buffet, and AWS just dropped a Trust Center to help clean up the mess (or at least document it).
Oh, and speaking of things disappearing fast - fwd:cloudsec North America 2025 tickets are almost gone! Grab your 🎟️ before they vanish!
🚨 CFP ALERT 🚨
This year’s theme is “Living on the Edge” - bold security discoveries, first ascents, and fresh cloud frontiers. Got a talk idea? Submit 'em before April 11.
Have feedback about AWS Security Digest? Tell us here. This issue is also available to share online.
📋 Chef's selections
- AWS Launches Trust Center: a Centralized Resource for Security and Compliance Information by Steef-Jan Wiggers
Has AWS just made security and compliance a little less painful with the new AWS Trust Center? It’s a central hub for all things security, from compliance docs to real-time service updates. Think of it as AWS’s way of saying, "Hey, we got this!" So if you're tired of digging through endless AWS documentation, this might be your new best friend.
- AWS IAM Enumeration by Devesh Patel
As some already know, attackers have a sneaky way to figure out valid AWS usernames, and that’s not great. This article breaks down CVE-2025-0693, aka the "IAM Peek-a-Boo" bug, where attackers can confirm whether a username exists, making phishing and brute-force attacks much easier. Don’t panic - there are fixes, and Devesh is here to help.
- AWS Vulnerabilities and the Attacker’s Perspective by Benjamin Caudill
Ever wonder how attackers really look at AWS security? Benjamin dives into the misconfigurations, identity flaws, and privilege escalation tricks that attackers love to exploit. It’s like a behind-the-scenes tour of cloud hacking, but instead of popcorn, you’ll walk away with security tips to lock things down.
🥗 AWS security blogs
- 📣 AWS WAF enhances Data Protection and logging experience
- Enhance your Security Posture and Reduce False Positives using Client JA3 Fingerprint and HTTP Header Order by Ram Cholan
- NATO’s march to multi-domain operations: Transforming the alliance with hyperscale cloud by David Appel
- From log analysis to rule creation: How AWS Network Firewall automates domain-based security for outbound traffic by Mary Kay Sondecker
🍛 Reddit threads on r/aws
- I just hacked for $60k… no idea what to do and no AWS support
- How to connect to your RDS databases with SSO
- Understanding aws:SourceOrgId and aws:SourceOrgPaths
- Trusted Identity Propagation
- Help us build the best Identity SecOps agent to remediate cloud security risks
- S3 Wiped, Ransom Note Left – Possible .env Leak
💸 Sponsor shoutout
Have you got a long list of AWS security issues you could fix but no idea how bad any of it really is?
Instead, start a free trial with Plerion. Focus on the 1% of risks that matter & achieve better security outcomes.
Simplify cloud security with Plerion.
🤖 Dessert
Dessert is made by robots, for those who enjoy the industrial content.
🧁 IAM permission changes
🍪 API changes
🍹 IAM managed policy changes
☕ CloudFormation resource changes
🎮 Amazon Linux vulnerabilities
📺 AWS Security Bulletins
- No bulletins this week.