🥖 Palette Cleanser

When your local security professional goes on and on about "blast radius", this is what they are talking about... This week LexisNexis confirmed a breach of their AWS infrastructure. Attackers exploited an unpatched React app to gain access, then pivoted through an overly permissive ECS task role that had read access to every secret in the account, including the production Redshift master credential. The result was 536 Redshift tables, 53 AWS Secrets Manager secrets in plaintext, and 3.9M database records exfiltrated.

Since everyone wants to play AI, AWS just launched a Lightsail OpenClaw template. A private AI chat gateway that runs entirely in your AWS account, pre-configured with Amazon Bedrock and Claude Sonnet 4.6 by default. No Mac Mini required. Your prompts, your account, your infrastructure, so you can now rm -rf your entire AWS account by accident, for funsies. :)

Finally, Scott Piper is getting the word out for more folks to join the Cloud Security Forum Slack. It's the go-to place for deep discussion on cloud security from practitioners, consultants, and cloud provider employees alike. It's also affiliated with fwd:cloudsec. DM Scott for an invite, and ask him for a cloud security history lesson while you're at it.

Have feedback about AWS Security Digest? Tell us here. This issue is also available to share online.

📋 Chef's selections

• The AWS Console and Terraform Security Gap by Laurence Tennant

  This one's a couple of weeks old but too good not to admit I missed it. The AWS Console now enforces secure defaults like RDS encryption and requiring a source ARN on Lambda permissions, but Terraform inherits the legacy API defaults where storage_encrypted is false and source_arn is optional. That means the same resource created via Console vs Terraform can have wildly different security postures. Oops. Useful walkthrough of the gaps, plus practical fixes with SCPs, Trivy, and golden modules.

• Stop Enabling Every AWS Security Service by Sena Yakut

  Security services are good, right? This practical reminder that turning on every AWS security service on day one gets you thousands of alerts nobody investigates and dashboards nobody checks. Sena reckons you should start with threat modeling your actual architecture, figure out where your real breaking points are, and then pick the controls that match. Good coverage of cost awareness, service overlap with third-party tools, and why IAM Identity Center with temporary credentials beats piling on more monitoring.

🥗 AWS security blogs

• 📣 Multi-party approval now supports approval team baselining
• 📣 AWS Shield network security director findings are now available in AWS Security Hub
• 📣 AWS simplifies IAM role creation and setup in service workflows
• 📣 AWS Batch now supports configurable scale down delay
• Introducing Amazon Gamelift Servers DDOS Protection by Adam Chernick
• AWS Weekly Roundup: OpenAI partnership, AWS Elemental Inference, Strands Labs, and more (March 2, 2026) by Micah Walter
• Continuous Compliance in the Cloud: Automating File Security for Regulated Industries by CJ Sturgess
• TIC 3.0 architecture migration for federal agencies using AWS Transit Gateway by Natti Swaminathan
• AWS completes the 2026 annual Dubai Electronic Security Centre (DESC) certification audit by Tariro Dongo
• 2025 ISO and CSA STAR certificates are now available with one additional service and one new region by Chinmaee Parulekar
• Enhanced access denied error messages with policy ARNs by Stella Hie
• 2025 FINMA ISAE 3000 Type II attestation report available with 183 services in scope by Tariro Dongo
• 2025 PiTuKri ISAE 3000 Type II attestation report available with 183 services in scope by Tariro Dongo
• Understanding IAM for Managed AWS MCP Servers by Riggs Goodman III

🍛 Reddit threads on r/aws

No threads this week.

💸 Sponsor shoutout

Meet Pleri: your AI-powered cloud security teammate. She’s not a chatbot. Pleri proactively finds meaningful security work and fixes issues before they become problems.

Learn more about Pleri and see her in action.

🧁 IAM permission changes

• connect
• securityagent
• mpa
• health-agent
• cloudfront

🍪 API changes

• Amazon Bedrock AgentCore Control
• Amazon Bedrock
• Amazon Connect Service
• AWSDeadlineCloud
• Amazon GameLift Streams
• Connect Health
• Amazon Elastic Compute Cloud
• Amazon GuardDuty
• AWS Multi
• Amazon SageMaker Service
• AWS Savings Plans
• Amazon Connect Service
• AWS Elastic Beanstalk
• Amazon Elasticsearch Service
• Amazon GameLift
• Amazon OpenSearch Service
• Amazon QuickSight
• Amazon Bedrock AgentCore Control
• Amazon DataZone
• Amazon CloudWatch Logs
• Partner Central Channel API
• Amazon SageMaker Service

🍹 IAM managed policy changes

No changes this week.

☕ CloudFormation resource changes

• AWS::BedrockAgentCore::PolicyEngine
• AWS::BedrockAgentCore::Policy

🎮 Amazon Linux vulnerabilities

• CVE-2026-3632: libsoup hostname validation bypass enables HTTP smuggling/SSRF
• CVE-2026-3634: libsoup3 Content-Type header injection and response splitting
• CVE-2026-3633: libsoup arbitrary HTTP header injection via unsanitized input
• CVE-2026-29062: jackson-core nested JSON bypass causes StackOverflow DoS (7.5)
• CVE-2026-3442: binutils heap buffer overflow in bfd linker
• CVE-2026-3196: QEMU virtio-snd integer overflow causes unbounded memory alloc
• CVE-2026-3441: binutils heap buffer overflow in bfd linker
• CVE-2026-3195: QEMU virtio-snd heap out-of-bounds write (7.4)
• CVE-2026-3381: Compress::Raw::Zlib ships insecure zlib versions (7.3)
• CVE-2026-1605: Jetty GzipHandler Inflater leak causes DoS (7.5)
• CVE-2025-69534: Python-Markdown malformed HTML causes DoS (8.2)
• CVE-2025-11143: Jetty differential URI parsing enables security bypass
• CVE-2026-23232: Linux kernel f2fs checkpoint deadlock
• CVE-2026-23235: Linux kernel f2fs sysfs OOB memory access (7.8)
• CVE-2026-23237: Linux kernel Classmate driver NULL pointer deref
• CVE-2026-2297: CPython .pyc import bypasses sys.audit hooks
• CVE-2026-23233: Linux kernel f2fs swap data corruption (7.1)
• CVE-2025-71238: Linux kernel qla2xxx driver double free (7.3)
• CVE-2026-23238: Linux kernel romfs block size validation missing
• CVE-2026-3520: Multer malformed request stack overflow DoS (7.5)
• CVE-2026-23234: Linux kernel f2fs use-after-free on loop unmount (7.0)
• CVE-2026-23236: Linux kernel fbdev smscufx userspace memory ref (7.8)
• CVE-2026-23231: Linux kernel netfilter nf_tables use-after-free (7.0)
• CVE-2025-12801: nfs-utils rpc.mountd bypasses root_squash restrictions
• CVE-2026-3494: MariaDB audit plugin bypass via SQL comment prefixes
• CVE-2026-27622: OpenEXR integer wraparound causes buffer overrun (7.4)

📺 AWS security bulletins

• Issue with AWS-LC: an open-source, general-purpose cryptographic library (CVE-2026-3336, CVE-2026-3337, CVE-2026-3338)
• MariaDB Server Audit Plugin Comment Handling Bypass

🚬 Security documentation changes

• Bedrock: added KMS encryption and concurrency params for CLI commands
• CDK: hardcoding AWS credentials now "not recommended for production"
• Deadline Cloud: new worker host log folder permission guidance
• Inspector: CVE-2025-15558 fix requires SBOM Generator v1.11.1
• Inspector: SBOM Generator v1.11.1 release with SHA-256 checksums
• AL2023: package updates including openssh, openssl, kernel, nginx
• AL2023: package version updates for 2023.10 release
• AL2023: package updates including openssl, curl, log4j
• AL2023: kernel 6.18 support, Attack Vector Controls for CPU mitigations
• Neptune: added IAM policy examples for S3 and Neptune DB access
• Redshift: patch 199 release notes
• SageMaker: Nova docs redirected, removed KMS key usage details
• SMS/Voice: LOA required for Turkey sender ID registrations
• SMS/Voice: expanded UAE sender ID registration requirements
• Route53: detecting Dictionary DGA attacks via domain names
• Amazon MQ: recovering admin access via IAM auth and OAuth 2.0/JWT
• Aurora DSQL: token expiration defaults now 15 min, local generation note
• Aurora DSQL: KMS key policy guidance for customer-managed keys
• Aurora DSQL: auth token type mismatch error resolution
• CDK: Security Hub remediation steps for bootstrap IAM and KMS.2
• CLI: added encryption key ARN and tags for policy engine creation
• Connect: granular security profile permissions for metrics access
• DMS: now supports SSL verify-full for Redshift Serverless targets
• EKS: clarified ingress config and security group annotation usage
• EKS: recommends podSecurityGroupSelectorTerms over SGPP
• EKS: pod networking with separate subnets, security groups, IPv6 egress
• EventBridge: fixed KMS policy condition key to kms:ResourceTag
• Inspector: false positive fix for CVE-2025-68121 via SBOM upgrade
• IVS: added security headers (CSP, HSTS) and AccessDeniedException
• IVS: added security headers (CSP, X-Frame-Options)
• Mainframe Modernization: new runtime error codes for file access and SQL
• Neptune: encrypted snapshots now require copy before restore
• Neptune: deprecated SigV4 library, use requestInterceptor() instead
• ROSA: FedRAMP High and HIPAA now supported for HCP
• SageMaker: IAM permissions for Restricted Instance Groups with AMP
• Security IR: removed "optional" language for proactive response
• Security IR: proactive response now core feature with GuardDuty dependency
• SMS/Voice: phishing/smishing simulations via SMS now prohibited
• Wickr: IAM policy permissions reduced from create/manage to list