Security Newsletter - Ransomware to be treated almost as terrorism. Norton will let you mine crypto. Cooperation on browser extension security.

• SRE Weekly Issue #273
• [The CloudSecList] Issue 90
• [tl;dr sec] #86a - The Missing Mobile Security
• [tl;dr sec] #86 - Dockerfile Best Practices, Mobile Security
• The recent "all the ways to run containers on AWS" posts have left me super confused, so I made this flowchart. It's probably also wrong.
• Flashcards to learn AWS skills
• How to Build an Online Store with React, AWS, and Stripe
• Mysterious AWS NLB timeouts in Kubernetes
• AWS VPC for Software Engineers
• Kubernetes Goat - Designed to be an intentionally vulnerable cluster environment to learn and practice Kubernetes security
• New CVE database that visualizes CVEs and shows exploit price and eco impact
• Want to find out about Check Point Cloud Guard?
• Sumo Logic Extends AWS Alliance to Launch SIEM Service - Security Boulevard
• Bringing innovation and security to government missions with AWS GovCloud (US) - FedScoop
• Sumo Logic and AWS Collaborate to Transform Security for Multi-Cloud and Hybrid Threat Protection - GlobeNewswire
Monday, June 7, 2021

AWS Security Hub adds 16 new controls to its Foundational Security Best Practices standard for enhanced cloud security posture monitoring

Jun 4
AWS Security Hub has released 16 new controls for its Foundational Security Best Practices standard to enhance customers' cloud security posture monitoring. These controls conduct fully automatic checks against security best practices for Amazon API Gateway (APIGateway.2, APIGateway.3), AWS Elastic Beanstalk (ElasticBeanstalk.1, ElasticBeanstalk.2), Amazon RDS (RDS.12, RDS.13, RDS.14), Amazon EC2 …

Amazon Cognito now supports SMS Sandbox from Amazon SNS

Jun 2
Amazon Cognito now supports SMS Sandbox in Amazon SNS. Amazon Cognito makes it easy to add authentication, authorization, and user management to your web and mobile apps. Amazon Cognito scales to millions of users and supports sign-in with social identity providers, such as Apple, Facebook, Google, and Amazon, and enterprise …

AWS WAF and AWS Shield Advanced are available in Asia Pacific (Osaka)

Jun 1
Starting today, AWS WAF and AWS Shield Advanced are available in Asia Pacific (Osaka).

Amazon Forecast Service - 3 updated methods

Jun 3
Added optional field AutoMLOverrideStrategy to CreatePredictor API that allows users to customize AutoML strategy. If provided in CreatePredictor request, this field is visible in DescribePredictor and GetAccuracyMetrics responses.

Amazon Simple Storage Service - 3 updated methods

Jun 3
S3 Inventory now supports Bucket Key Status

AWS S3 Control - 2 updated methods

Jun 3
S3 Inventory now supports Bucket Key Status

Auto Scaling - 2 updated methods

Jun 2
You can now launch EC2 instances with GP3 volumes when using Auto Scaling groups with Launch Configurations
Matt Fuller @matthewdfuller

Did you know that there are nearly 100 ways data from one AWS account can be shared with another? In this post, I explore, in detail, every method of cross-account access.
#aws #cloud #security #devops #infosec
matthewdf10.medium.com/aws-accounts-a…

142 · Jun 02 · 2:03 AM
Scott Piper @0xdabbad00

Default budget controls is the single most important thing AWS employees could do both for ensuring long-term revenue growth by making it more approachable for beginners that will turn into larger customers AND to help low income groups have opportunities to safely learn.

Alex Chan @alexwlchan

Hey friends,

I have a panicked student in my DMs who’s accidentally racked up an $8k AWS bill.

My suggestion of “talk to Support” is no good—apparently they won’t issue a billing adjustment. Anybody got better ideas, or know someone at AWS who can help them out?

RT for reach?

32 · May 31 · 8:34 PM
Christophe @christophetd

Ever wanted to retrieve AWS security credentials from the AWS console? (AWS_ACCESS_KEY_ID etc.)

Tiny blog post: blog.christophetd.fr/retrieving-aws…

Useful for identity federation when the IdP doesn't support the CLI, or for pentesting if you compromised browser cookies of a target.

54 · Jun 05 · 7:30 PM
Scott Piper @0xdabbad00

This is a cool way of AV scanning EC2s. Instead of an agent (which has performance, stability, and often negative security implications), snapshot the disk, and scan the snapshot instead.

Kelly Shortridge @swagitda_

Introducing Patrolaroid, a malware scanner for AWS instances that doesn't yeet around your prod.

@rpetrich & I made it OSS so ppl don't have to deploy sketchy security tools in prod just for basic coverage of malware, miners, toolkits, backdoors, etc.

github.com/rpetrich/patro…

18 · Jun 04 · 3:26 PM
Christophe @christophetd

Just updated my blog post comparing various Infrastructure-as-Code security scanning tools with the latest additions of regula and checkov - check it out!

blog.christophetd.fr/shifting-cloud…

Thread ⬇️

21 · Jun 02 · 11:07 PM
Clint Gibler @clintgibler

🔥 Free mobile security class by @reyammer

* Slides
* Recordings
* Hands-on reversing and exploitation challenges

This is probably one of the best mobile security resources out there, and it's free!

Thanks @reyammer, super useful 🙏

mobisec.reyammer.io

23 · Jun 02 · 5:00 PM
Clint Gibler @clintgibler

📖 Curious what various pen testing firms' reports look like?

Check out this repo by @juliocesarfort

Contains a TON of public reports by consulting firms and academic security groups

#Pentesting

github.com/juliocesarfort…

21 · Jun 02 · 9:00 PM
Matt Fuller @matthewdfuller

Taking a bit of a break from my technical blog posts to share some thoughts on interviewing for cloud security roles. Feedback is welcome! Please share what kinds of ?s you ask when looking for your next gig.
#Cloud #Security #jobsearch #infosecurity
matthewdf10.medium.com/questions-to-a…

17 · Jun 01 · 3:33 AM
Aidan W Steele @__steele

I have to say I wasn't expecting this level of shade from the GitHub API this morning.

4 · Jun 07 · 2:21 AM
Kinnaird McQuade💥☁️ @kmcquade3

I started dating my hot crush from grad school (5+ years later!) and I’m pretty sure I can die from happiness right now

0 · Jun 03 · 4:15 PM