🥖 Palette Cleanser

Somehow it's 28°C (82°F) and sunny today in Sydney after months of cold and rain. I'm excited to be spending it writing for you, my wonderful subscribers.

This week we had another public example of how attackers can end up rummaging around in your AWS environment. We have to take some minor leaps because not all the details are public, but according to the Salesloft breach disclosure, an attacker started with access to their GitHub account. They abused that to get credentials into AWS, and then grabbed more from there, eventually making a trip back to "Drift customers’ technology integrations." Mandiant published more details about the threat actor's (UNC6395) general activities, but my takeaway is attackers don't mind jumping up and down the tech stack.

Last call for fwd:cloudsec EU tickets, as the conference runs September 15-16 in Berlin. Many of the researchers I regularly feature here will be speaking, so it's worth making the trek.

Have feedback about AWS Security Digest? Tell us here. This issue is also available to share online.

📋 Chef's selections

• Credential Exfiltration Paths in AWS Code Interpreters by Nigel Sood

  Many compute resources in Bedrock AgentCore (including code interpreters) run on Firecracker MicroVMs, which can be configured to use the MicroVM Metadata Service. With minimal effort, Nigel wrote code to pull the execution role creds. According to AWS, this is expected behavior, but it feels like an insecure default that’s going to get people rekt.

• Simulating Ransomware with AWS KMS by Alexis Obeng

  We've covered KMS ransomware plenty in past ASD issues, but how do you test your preparedness? This post walks through simulating an attacker by creating an EXTERNAL origin KMS key, importing your own key material, re-encrypting RDS snapshots or EBS volumes, and then deleting that material to see how your environment reacts. It’s a practical lab guide that gives you the exact IAM permissions and AWS CLI steps needed to safely rehearse the scenario.

• GCP Workload Identity Federation with AWS ECS Tasks by Abhishek Agarwal

  GCP Workload Identity Federation lets AWS workloads authenticate to GCP without long-lived keys, but the google-auth libraries only support EC2 out of the box. On ECS tasks, WIF breaks because the config hardcodes EC2 metadata, so you need either a custom AWS credential supplier or a workaround that sets ECS task credentials in environment variables. The post walks through both approaches with code samples and Terraform.

Bonus: From Compromised Keys to Phishing Campaigns: Inside a Cloud Email Service Takeover

🥗 AWS security blogs

• 📣 Enhancing threat detection with Amazon GuardDuty new custom entity lists
• 📣 AWS adds support for three new condition keys to govern API keys for Amazon Bedrock
• 📣 AWS Config now supports 5 new resource types
• Building geolocation verification for iGaming and sports betting on AWS by Dr. Mike Reaves
• How Second Front Game Warden enables classified workloads on AWS by Vin Minichino
• How Netop can help customers meet NIS2 Directive requirements in the EU by Arseni Yustus
• Achieve full control over your data encryption using customer managed keys in Amazon Managed Service for Apache Flink by Lorenzo Nicora
• AWS IoT Services Alignment with the European Union Cyber Resilience Act (EU CRA) by Syed Rehan
• Updated conformance packs for Australian government security frameworks by Khoa Duong

🍛 Reddit threads on r/aws

• Best Practice when storing URLs in Databases
• How can an on prem Talos instance securely assume an IAM Role?
• 🛠️ The Day an Upgrade Broke My Cluster: IMDSv1 to IMDSv2 Migration Story

💸 Sponsor shoutout

Meet Pleri: your AI-powered cloud security teammate. She’s not a chatbot. Pleri proactively finds meaningful security work and fixes issues before they become problems.

Learn more about Pleri and see her in action.

🧁 IAM permission changes

• notifications
• glue
• bedrock
• kinesis
• mq
• cleanrooms
• iam
• aiops

🍪 API changes

• Amazon SageMaker Service
• AWS Clean Rooms Service
• AWS CloudFormation
• Amazon Elastic Compute Cloud
• OpenSearch Service Serverless
• Amazon Relational Database Service
• Amazon Verified Permissions
• AWS Clean Rooms Service
• AWS Clean Rooms ML
• Amazon CloudFront
• AmazonMQ
• Amazon Relational Database Service
• Amazon Route 53
• Amazon Route 53 Domains
• Amazon Elastic Compute Cloud
• AWS User Notifications

🍹 IAM managed policy changes

• SecurityAudit
• SageMakerStudioQueryExecutionRolePolicy
• AmazonTimestreamConsoleFullAccess
• AWSResourceExplorerServiceRolePolicy
• ViewOnlyAccess
• ReadOnlyAccess
• AWSUserNotificationsServiceLinkedRolePolicy

☕ CloudFormation resource changes

• AWS::CloudFront::Distribution

🎮 Amazon Linux vulnerabilities

• CVE-2025-54588
• CVE-2025-9817
• CVE-2025-55162
• CVE-2025-9810

📺 AWS security bulletins

No bulletins this week.

🚬 Security documentation changes

No bulletins this week.