• Security Newsletter - Cyber insurance giant CNA pays out $40 million. Some new stuff in ransomware infections. Some good reads.
• SRE Weekly Issue #271
• 📖 [The CloudSecList] Issue 88
• [tl;dr sec] #84 - Establishing a Cloud Security Program, Measuring Security
• Amazon Macie supports criteria-based bucket selection for sensitive data discovery jobs
• Amazon Elastic File System - 2 new methods
• Amazon Forecast Service - 1 updated method
• AWS OpsWorks CM - 1 updated method
• Amazon Lex Model Building V2 - 6 new methods
• Building fine-grained authorization using Amazon Cognito, API Gateway, and IAM
• AWS Shield threat landscape review: 2020 year-in-review
• AWS Verified episode 5: A conversation with Eric Rosenbach of Harvard University’s Belfer Center
• How to verify AWS KMS signatures in decoupled architectures at scale
• On Establishing a Cloud Security Program
• Extreme HTTP Performance Tuning: 1.2M API req/s on a 4 vCPU EC2 Instance
• Talk me off a ledge - I'm a cloud architect trying to switch jobs and I've been passed on 3 jobs by failing coding challenges. Since when are cloud architects "engineers who read about aws?"
• Four ways of writing infrastructure-as-code on AWS
• AWS App Runner – Fully managed container application service - Amazon Web Services
• IAM Zero: I released a tool which automatically suggests least-privilege IAM policies
• A skidalicious cheat sheet of webapp exploitation techniques
• I found a telnet brute-force protection bypass in my home router (CVE-2021-27342)
• Difference between Microsoft Azure Security Center and Azure Sentinel
• Safe, Secure, and Seamless: Blaze Cybersecurity Solutions are Now Available on AWS Marketplace - EIN News
• Week in review: Dealing with ransomware attacks, detecting use of stolen API credentials inside AWS - Help Net Security
• Detecting attackers obfuscating their IP address inside AWS - Help Net Security
Monday, May 24, 2021

Amazon Macie supports criteria-based bucket selection for sensitive data discovery jobs

May 17
Amazon Macie now allows you to define a run-time criteria to determine which S3 buckets should be included in a sensitive data discovery job. When a job runs, Macie identifies the S3 buckets that match your criteria and automatically adds or removes them from the job's scope. This capability makes …

Amazon Elastic File System - 2 new methods

May 21
EFS now supports account preferences. Utilizing the new capability, users can customize some aspects of their experience using EFS APIs and the EFS Console. The first preference clients are able to set is whether to start using longer File System and Mount Target IDs before EFS migrates to such IDs.

Amazon Forecast Service - 1 updated method

May 21
Updated attribute statistics in DescribeDatasetImportJob response to support Long values

Amazon Lex Model Building V2 - 6 new methods

May 20
Customers can now use resource-based policies to control access to their Lex V2 bots. This release adds APIs to attach and manage permissions for a bot or a bot alias. For details, see: https://docs.aws.amazon.com/lexv2/latest/dg/security_iam_service-with-iam.html

Building fine-grained authorization using Amazon Cognito, API Gateway, and IAM

Artem Lovan · May 21
Authorizing functionality of an application based on group membership is a best practice. If you’re building APIs with Amazon API Gateway and you need fine-grained access control for your users, you can use Amazon Cognito. Amazon Cognito allows you to use groups to create a collection of users, which is …

AWS Shield threat landscape review: 2020 year-in-review

Mário Pinho · May 20
AWS Shield is a managed service that protects applications that are running on Amazon Web Services (AWS) against external threats, such as bots and distributed denial of service (DDoS) attacks. Shield detects network and web application-layer volumetric events that may indicate a DDoS attack, web content scraping, or other unauthorized …

AWS Verified episode 5: A conversation with Eric Rosenbach of Harvard University’s Belfer Center

Stephen Schmidt · May 20
I am pleased to share the latest episode of AWS Verified, where we bring you conversations with global cybersecurity leaders about important issues, such as how to create a culture of security, cyber resiliency, Zero Trust, and other emerging security trends. Recently, I got the opportunity to experience distance learning …

How to verify AWS KMS signatures in decoupled architectures at scale

Raj Jain · May 19
AWS Key Management Service (AWS KMS) makes it easy to create and manage cryptographic keys in your applications. The service supports both symmetric and asymmetric customer master keys (CMKs). The asymmetric CMKs offer digital signature capability, which data consumers can use to verify that data is from a trusted producer …
Marco Lancini @lancinimarco

✍️ Just blogged: "🧩 On Establishing a Cloud Security Program 🧩" - Some actionable advice that can be undertaken to establish a #cloud #security program aimed at protecting a cloud native, service provider agnostic, container-based, offering marcolancini.it/2021/blog-clou…

51 · May 18 · 2:32 PM
Matt Fuller @matthewdfuller

A while ago I wrote a blog post tracking how logging could be enabled on 60+ #AWS services. I've gotten a lot of pings about updating the associated CSV, so I'm moving it to GitHub and MIT-licensing it to allow for easy community contributions:
github.com/matthewdfuller…

25 · May 21 · 12:03 AM
Matt Fuller @matthewdfuller

Introducing... Security Vendor Website Bingo!

Did I miss any good ones?
#cloud #security #saas #devops

22 · May 18 · 11:00 PM
Clint Gibler @clintgibler

🔍 How to test Chrome Extensions by @CryptoGangsta

Covers:
* Analyze native app <> extension traffic
* Unpacking, modifying (instrumenting)
* Reverse engineering obfuscated JS
* Dynamic analysis w/ DevTools
* Exporting functions for manual fuzzing

parsiya.net/blog/2021-04-3…

22 · May 18 · 5:00 PM
Scott Piper @0xdabbad00

I'm hiring for the cloud security team at Aurora (self-driving vehicles). Someone to help implement zero trust things (such as Istio and OPA) in AWS and someone to help secure CI/CD things. Remote (US), experienced engineers.
aurora.tech/jobs/cloud-sec…
aurora.tech/jobs/cloud-sec…

10 · May 20 · 2:59 AM
Clint Gibler @clintgibler

🦊 FOX - Fix Objective-C XREFs in @GHIDRA_RE

Reversing iOS apps?

Check out @apps3c & @0xdea's Ghidra script that adds XREFs (and potential XREFs) to iOS disassembled and decompiled code

Uses the string arguments passed to `objc_msgSend`

security.humanativaspa.it/fox-fix-object… #redteam

13 · May 17 · 9:00 PM
Kinnaird McQuade💥☁️ @kmcquade3

At Yellowstone. A ton of Buffalo came through my campground. Wild

0 · May 18 · 2:42 AM
Brigid Johnson @bjohnso5y

This weekend was the first time I have had “Brigid Energy” in a long time. Here is my story about how I recharged, what I did for myself, and what we did as a team. (1/15)

3 · May 17 · 10:59 PM
rowan @elrowan

Most (all?) of the AWS User Guides have a Troubleshooting section in them (at the end). If I'm going to be using a service a lot, I jump to that section and find out what the most common issues are, saves HEAPS of time e.g. docs.aws.amazon.com/IAM/latest/Use…, docs.aws.amazon.com/lambda/latest/…, etc

5 · May 21 · 11:00 PM

Talk me off a ledge - I'm a cloud architect trying to switch jobs and I've been passed on 3 jobs by failing coding challenges. Since when are cloud architects "engineers who read about aws?"

I'm currently a senior architect at a major FAANG level (but not one of the fab 5) company. 15 years xp and I have my masters in CS. At my firm, an architect is expected to be involved in major projects and we act as a blend of being an …

Four ways of writing infrastructure-as-code on AWS

I wrote the same app (API Gateway-Lambda-DynamoDB) using four different IaC providers and compared them across.

  1. AWS CDK
  2. AWS SAM
  3. AWS CloudFormation
  4. Terraform

https://www.notion.so/rxhl/IaC-Showdown-e9281aa9daf749629aeab51ba9296749

What's your preferred way of writing IaC?

IAM Zero: I released a tool which automatically suggests least-privilege IAM policies

A month ago I made a post about IAM Zero, a tool which detects IAM issues and suggests least-privilege policies.

It uses an instrumentation layer to capture AWS API calls and send alerts to a collector - similar to how Sentry, Rollbar, etc capture errors in web applications. The collector …

Difference between Microsoft Azure Security Center and Azure Sentinel

Many Cloud Engineers often fail to get the difference between Azure Security Center (ASC) and Azure Sentinel. These two products look very comparative at first and both are offered by Microsoft to secure your Azure infrastructure to the best of their abilities. There are a few fundamental explanations behind this …
