Security Newsletter - EA breached through Slack cookie. Colonial was breached through old VPN password. • SRE Weekly Issue #274 • 📖 [The CloudSecList] Issue 91 • [tl;dr sec] #87 - Easy Temporary Cloud Access, Monopol-easy Money • AWS Managed Microsoft Active Directory (AD) and AD Connector now support AD authentication with AWS Transfer Family • Amazon Cognito now supports targeted sign out through refresh token revocation • Amazon Cognito is now available in the Middle East (BAH) Region • Amazon Cognito is now available in the Middle East (Bahrain) Region • Amazon Elastic Compute Cloud - 2 new 1 updated methods • AWS MediaConnect - 3 updated methods • AWS Elemental MediaLive - 15 updated methods • Amazon Appflow - 3 updated methods • Xen Security Advisories (XSA-372, 373, 374, 375, and 377) • runC Security Issue (CVE-2021-30465) • Announcing the AWS Security and Privacy Knowledge Hub for Australia and New Zealand • Creating a notification workflow from sensitive data discover with Amazon Macie, Amazon EventBridge, AWS Lambda, and Slack • How to implement SaaS tenant isolation with ABAC and AWS IAM • Phishing for AWS credentials via AWS SSO device code authentication • fwd:cloudsec • Open Source Insights • <a href="https://twitter.com/hashtag/Pacu" target="_blank">#Pacu</a> is officially part of <a href="https://twitter.com/kalilinux" target="_blank">@kalilinux</a>! <a href="https://t.co/kv7F5O2EBK" target="_blank">pkg.kali.org/pkg/pacu</a> <a href="https://t.co/i05UaLAYwu" target="_blank">github.com/RhinoSecurityL…</a> • [Blog post] Identity providers implementing 'device code' authentication flows are by design vulnerable to phishing attacks rendering MFA ineffective. 🎣 AWS SSO is one of them. <a href="https://t.co/H9EXW7zjfS" target="_blank">blog.christophetd.fr/phishing-for-a…</a> Includes proof-of-concept, IoCs and detection strategies with CloudTrail. • ⚛️ Mobile <a href="https://twitter.com/pdnuclei" target="_blank">@pdnuclei</a> templates 40+ nuclei templates that scan for: * Secrets and tokens * Interesting settings, configurations, &amp; method calls by <a href="https://twitter.com/0xgaurang" target="_blank">@0xgaurang</a> &amp; <a href="https://twitter.com/Tyl0us" target="_blank">@Tyl0us</a> <a href="https://twitter.com/hashtag/bugbounty" target="_blank">#bugbounty</a> <a href="https://twitter.com/hashtag/security" target="_blank">#security</a> <a href="https://t.co/5FRhHBY86N" target="_blank">github.com/optiv/mobile-n…</a> • 🚂 Steampipe: select * from cloud; Stop writing one-off scripts and using a bunch of tools/APIs Use SQL 🚀 to query across: * Your cloud env (AWS, Azure, ...) * Slack * GitHub * Kubernetes * Twitter * and many other resources <a href="https://t.co/vJFOy9F8ZU" target="_blank">steampipe.io</a> • This morning I sat down at my desk and my computer was super hot. Turns out there's an issue with VS Code / Electron where it will use 100% of a core waiting for the user to approve an update - even if it's 4 AM and that user won't be up for hours. <a href="https://t.co/utAsEbx8T7" target="_blank">github.com/microsoft/vsco…</a> • There have been times I've felt overwhelmed, stressed, and other concerns over fwd:cloudsec, but in looking at the CFP submissions so far, I'm so excited! This is going to be awesome. And the CFP is still open! 🤯(CFP closes July 16. Conference on Sep 13-14). • Heard this today from someone using a security tool that I wrote: “I don’t want to say that it only took 10 minutes to apply 300+ security guardrails with your tool… but it only took 10 minutes.” 😂 I love this. Makes me so happy. • Probably my favourite blog on ABAC in AWS IAM so far <a href="https://t.co/mCOcFMjY0e" target="_blank">aws.amazon.com/blogs/security…</a> It goes in to when ABAC is appropriate (when you have a large number of tenants in a single account), which is not always the case. The different service examples (DDB, ES, S3) are good too. • Learning Terraform was a turning point for me in my career and in my confidence as a technologist. I don’t use it as much these days, but I feel a twinge of nostalgia after seeing this. Terraform has come a long way. Congrats to the HashiCorp team and to the community. • I really think GitHub actions is about to be the silent vector for AWS account compromises. • Why is Amazon using Fastly.com for their CDN and not Cloudfront? • AWS Removes NAT Gateway’s Dependence on Internet Gateway for Private Communications • iOS 15 uses Cloudflare Warp to mask users IPs which is causing issues with Cloudfront GEO restrictions • Turn off BitLocker on Windows Devices before Importing a VM into AWS! • Top ten AWS identity health checks to improve security in the cloud • Crypto Exchange Security: "As of today, there are a total of 51 hacking events, with lost funds amounting to a total of approximately $2.1 billion at the time of these hacks, with the Mt.Gox hack of 2014 being the biggest casualty yet with $661,348,000 of stolen funds." • Ive created a easy to use Honeypot called "Pottr" for real time threat detection, please check out my demo, feedback is very much appreciated :) • AWS, Google Cloud, and Azure: How their security features compare - CSO Online • CyberArk Expands Availability of Identity Security Offerings on AWS Marketplace - Yahoo Finance • AWS Security Compliance Cheat Sheet - Security Boulevard

 Windowsdeleted  ClientError: Boot Configuration Data store not found