SRE Weekly Issue #283 • 📖 [The CloudSecList] Issue 100 • [tl;dr sec] #96 - Learn Reverse Engineering, Cloud Security Orienteering • AWS WAF now offers managed rule group versioning • Amazon Connect Customer Profiles - 4 updated methods • Amazon ElastiCache - 10 updated methods • Amazon EMR - 6 updated methods • Amazon API Gateway - 4 updated methods • How US federal agencies can use AWS to improve logging and log retention • How AWS can help your US federal agency meet the executive order on improving the nation’s cybersecurity
Monday, 16 August 2021
AWS WAF now offers managed rule group versioning
Aug 9
AWS WAF now enables you to select a specific version of a managed rule group within your web ACL, giving you the ability to test new rule updates safely and roll back to previously tested versions. When using a versioned managed rule group, you control when new rule updates are …
Amazon Connect Customer Profiles - 4 updated methods
Aug 13
This release introduces Standard Profile Objects, namely Asset and Case, which contain values populated by data from third-party systems and belong to a specific profile. This release also adds an optional parameter, ObjectFilter, to the ListProfileObjects API in order to search for these Standard Objects.
Amazon ElastiCache - 10 updated methods
Aug 13
This release adds the ReplicationGroupCreateTime field to ReplicationGroup, which indicates the UTC time at which the ElastiCache ReplicationGroup was created.
Amazon EMR - 6 updated methods
Aug 13
Amazon EMR customers can now specify custom AMIs at the instance level in their clusters. This allows using custom AMIs in clusters that have instances with different instruction set architectures, e.g. m5.xlarge (x86) and m6g.xlarge (ARM).
Amazon API Gateway - 4 updated methods
Aug 12
Adds support for ACM-imported or private CA certificates for mTLS-enabled domain names.
How US federal agencies can use AWS to improve logging and log retention
Derek Doerr, Aug 13
This post is part of a series about how Amazon Web Services (AWS) can help your US federal agency meet the requirements of the President’s Executive Order on Improving the Nation’s Cybersecurity. You will learn how you can use AWS information security practices to help meet the requirement to improve …
How AWS can help your US federal agency meet the executive order on improving the nation’s cybersecurity
Michael Cotton, Aug 13
AWS can support your information security modernization program to meet the President’s Executive Order on Improving the Nation’s Cybersecurity (issued May 12th, 2021). When working with AWS, a US federal agency gains access to resources, expertise, technology, professional services, and our AWS Partner Network (APN), which can help the agency …
appsync: 43 updated actions
Aug 14
43 updated actions: CreateApiCache (description), CreateApiKey (description), CreateDataSource (description), CreateFunction (description), CreateGraphqlApi (description, access), CreateResolver (description), CreateType (description), DeleteApiCache (description), DeleteApiKey (description), DeleteDataSource (description), DeleteFunction (description), DeleteGraphqlApi (description), DeleteResolver (description), DeleteType (description), FlushApiCache (description), GetApiCache (description), GetDataSource (description), GetFunction (description), GetGraphqlApi (description), GetIntrospectionSchema (description), GetResolver (description), GetSchemaCreationStatus (description), GetType (description), …
route53-recovery-readiness: 3 updated actions
Aug 14
3 updated actions: GetRecoveryGroupReadinessSummary (description), TagResource (conditions), UntagResource (conditions)
route53-recovery-control-config: 1 new action | 1 updated action
Aug 14
1 new action: ListSafetyRules (list safety rules); 1 updated action: ListAssociatedRoute53HealthChecks (access)
tag: 8 updated actions
Aug 13
8 updated actions: DescribeReportCreation (description), GetComplianceSummary (description), GetResources (description), GetTagKeys (description), GetTagValues (description), StartReportCreation (description), TagResources (description), UntagResources (description)
Aidan W Steele @__steele

AWS just made its biggest ever addition to its IP ranges: an extra 5.5M (~10%) IPv4 addresses.

github.com/seligman/aws-i…

Aidan W Steele @__steele

Are you a software developer who just heard about the latest IPCC report and don’t know if there’s anything you can do to help?

Switch your AWS deployment to us-west-2 or eu-west-1. Same price, same functionality, but carbon-neutral.

sustainability.aboutamazon.com/environment/th…

Marco Lancini @lancinimarco

This week CloudSecList reached an important milestone: the 100th issue! 🎉🎉 It definitely came a long way since issue #1 (go check it out!), and for this I have to thank all those who subscribed 🙏 cloudseclist.com/issues/issue-1…

Brigid Johnson @bjohnso5y

Celebrating 7⃣ years at Amazon, 7⃣ years in AWS, 7⃣ years in AWS Identity. Here is my reflection on AWS and the 7 year itch!
bit.ly/2VMHrGg

Clint Gibler @clintgibler

📚 tl;dr sec 96
* Free reverse engineering workshops @OphirHarpaz, @malwareunicorn, @maddiestone
* @ramimacisabird Cloud security orienteering
* @chompie1337 Kernel pwning w/ eBPF
* @dguido Stolen scooter? Airtags!
* @efrowning Slack's static analysis

tldrsec.com/blog/tldr-sec-…

Toni de la Fuente @ToniBlyx

Prowler 2.5.0 - Senjutsu 🔥🔥🤘github.com/toniblyx/prowl…

fwd:cloudsec @fwdcloudsec

Our final selections for speakers for fwd:cloudsec have been made. We had so many amazing talks submitted (140 of them!) so narrowing it down to 30 was quite a challenge. Have a look at fwdcloudsec.org/speakers.html

Scott Piper @0xdabbad00

AWS needs to better advertise that you get a gold track suit if you complete all certs! If anyone shows up to fwd:cloudsec wearing one of these, along with some SLC-based pit viper sunglasses, I'll buy you a drink.
pitviper.com

rowan @elrowan

Can't get enough of these tables by @jbesw comparing different - but similar! - service offerings from AWS.

This time it's Kinesis Data Streams vs Amazon SQS queues

aws.amazon.com/blogs/compute/…

Scott Piper @0xdabbad00

I'm looking forward to seeing how Prowler generates this Quicksight dashboard of AWS security issues. 😍

Toni de la Fuente @ToniBlyx

Prowler 2.5.0 - Senjutsu 🔥🔥🤘github.com/toniblyx/prowl…

AWS IP Ranges just grew by 5 million IPs

Just a heads up for those that need to track what IPs AWS uses for whatever reason:

They just pushed their single largest change since I started tracking the file 5 or so years ago. They added around 5 million new addresses for about a 9% increase in the IP …

Beginner question - are there public designs that companies publish to show their architecture at AWS?

I started learning for the SAA cert and one of the things the instructor goes over are some real-life examples of where a certain service would be useful and how to utilize certain features for compliance, cost savings, etc.

I was wondering if some companies are publishing their infrastructure …

AWS re:Inforce 2021 - CANCELLED

Understandable considering the situation in Texas. Pretty unfortunate since I was looking forward to it.

https://reinforce.awsevents.com/
