SRE Weekly Issue #280 • 📖 [The CloudSecList] Issue 97 • [tl;dr sec] #93 - Reading Your CSO's Performance Review, Fuzzing • AWS Glue DataBrew - 8 updated methods • Amazon Elastic Compute Cloud - 3 new 16 updated methods • AWS Elemental MediaLive - 8 updated methods • Amazon QLDB - 3 updated methods • The three most important AWS WAF rate-based rules • How to restrict IAM roles to access AWS resources from specific geolocations using AWS Client VPN • Implement a centralized patching solution across multiple AWS Regions
Monday, 26 July 2021
AWS Glue DataBrew - 8 updated methods
Jul 22
This SDK release adds two new features: 1) Output to Native JDBC destinations and 2) Adding configurations to profile jobs
Amazon Elastic Compute Cloud - 3 new 16 updated methods
Jul 22
This release allows customers to assign prefixes to their elastic network interface and to reserve IP blocks in their subnet CIDRs. These reserved blocks can be used to assign prefixes to elastic network interfaces or be excluded from auto-assignment.
AWS Elemental MediaLive - 8 updated methods
Jul 22
MediaLive now supports passing through style data on WebVTT caption outputs.
Amazon QLDB - 3 updated methods
Jul 22
Amazon QLDB now supports ledgers encrypted with customer managed KMS keys. The CreateLedger, UpdateLedger and DescribeLedger APIs have been changed to support this.
The three most important AWS WAF rate-based rules
Artem Lovan
Jul 23
In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, and how to implement these rules. We share what the Shield Response Team (SRT) has learned from helping customers respond to HTTP floods and …
How to restrict IAM roles to access AWS resources from specific geolocations using AWS Client VPN
Artem Lovan
Jul 20
You can improve your organization’s security posture by enforcing access to Amazon Web Services (AWS) resources based on IP address and geolocation. For example, users in your organization might bring their own devices, which might require additional security authorization checks and posture assessment in order to comply with corporate security …
Implement a centralized patching solution across multiple AWS Regions
Akash Kumar
Jul 19
In this post, I show you how to implement a centralized patching solution across Amazon Web Services (AWS) Regions by using AWS Systems Manager in your AWS account. This helps you to initiate, track, and manage your patching events across AWS Regions from one centralized place. Enterprises with large, multi-Region …
Kinnaird McQuade💥☁️ @kmcquade3

✨Just released a new cloud security tool ✨ - Cloud Guardrails (for Azure).

It helps you rapidly cherry-pick security guardrails by generating Terraform files that apply 100s of Azure Policies (like AWS SCPs but on steroids).

Code and docs: github.com/salesforce/clo…

🧵

Scott Piper @0xdabbad00

Vuln in dependabot to steal github access tokens, getting a shell to create commits and PRs as the verified Dependabot, and RCE in npm. Lots of stuff here.

左京区御中 @tyage

writeup about a bug in the npm I found recently
blog.tyage.net/posts/2021-06-…

Clint Gibler @clintgibler

🐋 Sign Container Images with cosign and verify their signature with @OpenPolicyAgent

@developerguyba describes how to ensure only images that have valid signatures can be deployed into production-grade #Kubernetes clusters

github.com/developer-guy/…

Clint Gibler @clintgibler

🔥 LibAFL

* Written in @rustlang
* Multi-platform: Win, Android, MacOS, Linux
* no_std compatible
* Scales over cores & machines
* Different Modes like binary-only Frida
* Easy to extend w/ grammar fuzzing

by @andreafioraldi @domenuk et al #fuzzing

github.com/AFLplusplus/Li…

Ian Mckay @iann0036

S3 bucket squatting/sniping is alive and well. AWS Security reached out to me recently to politely ask to transfer some S3 buckets that the NICE DCV team requested, which I happily obliged. Here's a post for those unfamiliar with the issue onecloudplease.com/blog/s3-bucket…. 1/

Scott Piper @0xdabbad00

It's been a while since I reported a security issue to AWS. Happy Friday AWS security team. 😀 (It's not too bad, you can wait until Monday to look at it).

Michael Chan @mchancloud

Not just for IAM, this solution has a good pattern for those who want to centrally process data obtained from member accounts.

Danilo Poccia @danilop

Automate IAM credential reports at scale across AWS 👉 To list all your IAM users and the status of their credentials, including passwords, access keys, and multifactor-authentication devices buff.ly/2U0nbk1 #AWS #Security

Kinnaird McQuade💥☁️ @kmcquade3

Absolutely loving AWS Data Wrangler (basically Python Pandas on AWS). It abstracts the complexity of working with a bunch of AWS databases and data sources.

It's making my life soooo much easier right now. Thanks to the AWS team who put this together 🙌

github.com/awslabs/aws-da…

☁️ Andres Riancho @AndresRiancho

CVE-2020-17513: SSRF on Airflow.

Does anyone know how to exploit this vulnerability? I was unable to find the vulnerable parameter(s) or the commit that fixes it in github.com/apache/airflow…

Srinath Kuruvadi @secdrama

I'm hiring for a Sr. Cloud Security Engineer for my team at Netflix. There is no publicly posted job req yet. Please reach out to me on Twitter or LinkedIn if you are interested

We work on practical approaches to reducing cloud se… lnkd.in/gk5tFQ9 lnkd.in/gjkd7Cs

Why is cloud security important?

Cloud security is critical for enterprises making the journey to the cloud. Cloud computing is no less vulnerable than an on-premises environment to security attacks that are continually growing and becoming more sophisticated. As a result, it's critical to partner with a cloud provider that provides best-in-class security that's tailored …
