SRE Weekly Issue #287 • 📖 [The CloudSecList] Issue 104 • AWS Notification Message • [tl;dr sec] #100 - Visualizing Security, GraphQL • AWS Firewall Manager Automations for AWS Organizations v1.1 is now available • Amazon Detective offers Splunk integration • Amazon CodeGuru Reviewer - 1 updated method • Amazon EMR - 3 updated methods • Amazon Lookout for Equipment - 2 updated methods • Managed Streaming for Kafka - 1 new, 5 updated methods
Monday, 13 September 2021

AWS Firewall Manager Automations for AWS Organizations v1.1 is now available
Sep 8
The AWS Firewall Manager Automations for AWS Organizations solution lets you centrally configure, manage, and audit firewall rules across all accounts and resources in your AWS Organizations. It is a reference implementation that automates setting up AWS Firewall Manager security policies. This solution supersedes AWS Centralized …
Amazon Detective offers Splunk integration
Sep 7
Amazon Detective, in coordination with the Splunk Trumpet project, has released the ability to pivot from an Amazon GuardDuty finding in Splunk directly to an Amazon Detective entity profile so that customers can quickly identify the root cause of potential security issues or suspicious activities.
Amazon CodeGuru Reviewer - 1 updated method
Sep 9
The Amazon CodeGuru Reviewer API now includes the RuleMetadata data object and a Severity attribute on a RecommendationSummary object. A RuleMetadata object contains information about a rule that generates a recommendation. Severity indicates how severe the issue associated with a recommendation is.
Amazon EMR - 3 updated methods
Sep 9
This release enables customers to log in to EMR Studio using AWS Identity and Access Management (IAM) identities, or identities from their own Identity Provider (IdP) federated through IAM.
Amazon Lookout for Equipment - 2 updated methods
Sep 9
Added the OffCondition parameter to the CreateModel API.
Managed Streaming for Kafka - 1 new, 5 updated methods
Sep 8
Amazon MSK has added a new API that allows you to update the encryption and client authentication settings of an existing cluster.
How US federal agencies can use AWS to encrypt data at rest and in transit
Robert George, Sep 10
This post is part of a series about how Amazon Web Services (AWS) can help your US federal agency meet the requirements of the President’s Executive Order on Improving the Nation’s Cybersecurity. You will learn how you can use AWS information security practices to meet the requirement to encrypt your …
17 additional AWS services authorized for DoD workloads in the AWS GovCloud Regions
Tyler Harding, Sep 8
I’m pleased to announce that the Defense Information Systems Agency (DISA) has authorized 17 additional Amazon Web Services (AWS) services and features in the AWS GovCloud (US) Regions, bringing the total to 105 services and major features that are authorized for use by the U.S. Department of Defense (DoD). AWS …
IAM Access Analyzer supports Amazon S3 Multi-Region Access Points
Sep 2
IAM Access Analyzer identifies Amazon S3 buckets that allow public and cross-account access, including those that use Amazon S3 Multi-Region Access Points.
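The kind of question Access Analyzer answers for a bucket or Multi-Region Access Point policy is "who does each Allow statement actually grant access to?". The following is an added example, not Access Analyzer's algorithm or any AWS code: it walks a constructed resource policy and labels each Allow statement as public, public-conditional (a `*` principal narrowed by a Condition), cross-account, same-account, or service. The account IDs, bucket name, VPC endpoint ID and the Multi-Region Access Point alias are all made up for the sample.

```python
"""Classify who each Allow statement in an S3 resource policy grants access to.

Added example, not Access Analyzer's implementation. It reads a bucket or
Multi-Region Access Point policy and reports each Allow statement as
public, public-conditional (Principal "*" narrowed by a Condition),
cross-account, same-account, service, or other.
"""
import json

OWN_ACCOUNT = "111122223333"  # constructed account id of the policy owner

# Constructed policy mixing bucket and Multi-Region Access Point resources.
SAMPLE_POLICY = json.dumps({
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "PublicRead", "Effect": "Allow", "Principal": "*",
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*"},
        {"Sid": "VpcOnly", "Effect": "Allow", "Principal": {"AWS": "*"},
         "Action": "s3:GetObject",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"StringEquals": {"aws:SourceVpce": "vpce-0123456789abcdef0"}}},
        {"Sid": "PartnerAccess", "Effect": "Allow",
         "Principal": {"AWS": "arn:aws:iam::444455556666:role/partner"},
         "Action": "s3:GetObject",
         # Multi-Region Access Point ARNs carry no region; the alias is constructed
         "Resource": "arn:aws:s3::111122223333:accesspoint/example.mrap/object/*"},
        {"Sid": "OwnRole", "Effect": "Allow",
         "Principal": {"AWS": ["arn:aws:iam::111122223333:role/app", "111122223333"]},
         "Action": "s3:*", "Resource": "arn:aws:s3:::example-bucket"},
        {"Sid": "LogDelivery", "Effect": "Allow",
         "Principal": {"Service": "logging.s3.amazonaws.com"},
         "Action": "s3:PutObject", "Resource": "arn:aws:s3:::example-bucket/logs/*"},
        {"Sid": "DenyInsecure", "Effect": "Deny", "Principal": "*", "Action": "s3:*",
         "Resource": "arn:aws:s3:::example-bucket/*",
         "Condition": {"Bool": {"aws:SecureTransport": "false"}}},
    ],
})


def principal_accounts(principal):
    """Return (kind, accounts): kind is "public", "accounts", "service" or "other"."""
    if principal == "*":
        return "public", set()
    if not isinstance(principal, dict):
        return "other", set()
    if "AWS" not in principal:
        return ("service" if "Service" in principal else "other"), set()
    aws = principal["AWS"]
    if isinstance(aws, str):
        aws = [aws]
    accounts = set()
    for p in aws:
        if p == "*":
            return "public", set()
        if p.isdigit():  # bare 12-digit account id
            accounts.add(p)
        elif p.startswith("arn:aws:iam::"):
            accounts.add(p.split(":")[4])  # arn:aws:iam::ACCOUNT:role/name
    return "accounts", accounts


def classify_statement(stmt, own_account=OWN_ACCOUNT):
    """Classify one statement; Deny statements return None (they never widen access)."""
    if stmt.get("Effect") != "Allow":
        return None
    kind, accounts = principal_accounts(stmt.get("Principal", {}))
    if kind == "public":
        # A Condition may confine "*" (e.g. to one VPC endpoint); report it apart
        # so a reviewer checks the condition keys instead of assuming "public".
        return "public-conditional" if stmt.get("Condition") else "public"
    if kind != "accounts":
        return kind
    return "cross-account" if accounts - {own_account} else "same-account"


def analyze_policy(policy_json, own_account=OWN_ACCOUNT):
    """Return [(Sid, classification)] for every Allow statement in the policy."""
    statements = json.loads(policy_json)["Statement"]
    if isinstance(statements, dict):  # a single statement may be given un-listed
        statements = [statements]
    findings = []
    for i, stmt in enumerate(statements):
        label = classify_statement(stmt, own_account)
        if label is not None:
            findings.append((stmt.get("Sid", f"statement-{i}"), label))
    return findings


if __name__ == "__main__":
    for sid, label in analyze_policy(SAMPLE_POLICY):
        print(f"{sid}: {label}")
```

The "public-conditional" label is the part worth keeping in a real check: a `Principal: "*"` behind `aws:SourceVpce` or `aws:PrincipalOrgID` is not internet-reachable, while the same principal behind `aws:SecureTransport` still is, and only reasoning over the condition keys (which is what Access Analyzer does and this sketch does not) separates the two.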
AWS managed policy updates - Update to an existing policy
Sep 2
IAM Access Analyzer updated an existing AWS managed policy.
More services supported for action-level policy generation
Aug 24
IAM Access Analyzer can generate IAM policies with action-level access activity information for additional AWS services.
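Policy generation from access activity boils down to: take the calls a principal actually made, map them to IAM actions, and emit only those, falling back to a whole-service grant where action-level detail is not available. The block below is an added example, not Access Analyzer's implementation or any AWS code. It replays constructed CloudTrail-style records; `ACTION_LEVEL_SERVICES` is a hypothetical stand-in for the services supported at action level, and the example assumes the CloudTrail `eventName` equals the IAM action name, which is usually but not always true.

```python
"""Derive a least-privilege IAM policy from access activity.

Added example, not Access Analyzer's implementation: it replays
constructed CloudTrail records and emits one Allow statement per service,
at action level for services in ACTION_LEVEL_SERVICES (a stand-in for the
services supported at action level) and at service level (service:*) for
everything else, the coarser fallback a reviewer then tightens by hand.
"""
import json
from collections import defaultdict

# Hypothetical set standing in for the action-level-supported services.
ACTION_LEVEL_SERVICES = {"s3", "dynamodb", "sqs"}

# Constructed CloudTrail-style records; only the fields used below are present.
SAMPLE_EVENTS = [
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventSource": "s3.amazonaws.com", "eventName": "GetBucketLocation"},
    {"eventSource": "s3.amazonaws.com", "eventName": "PutObject", "errorCode": "AccessDenied"},
    {"eventSource": "dynamodb.amazonaws.com", "eventName": "GetItem"},
    {"eventSource": "ec2.us-east-1.amazonaws.com", "eventName": "DescribeInstances"},
    {"eventSource": "sts.amazonaws.com", "eventName": "GetCallerIdentity"},
]


def service_prefix(event_source):
    """'s3.amazonaws.com' -> 's3'; regional sources like 'ec2.us-east-1.amazonaws.com' -> 'ec2'."""
    return event_source.split(".")[0]


def used_actions(events, include_denied=False):
    """Return {service: {action, ...}} observed in the activity."""
    used = defaultdict(set)
    for ev in events:
        # An AccessDenied call is not evidence the principal needs that action.
        if not include_denied and ev.get("errorCode"):
            continue
        # Assumption of this example: CloudTrail eventName equals the IAM action
        # name. Real event-to-action mapping has exceptions that are not handled here.
        used[service_prefix(ev["eventSource"])].add(ev["eventName"])
    return dict(used)


def generate_policy(events, action_level_services=ACTION_LEVEL_SERVICES):
    """Build a policy document: action-level where supported, service:* otherwise."""
    statements = []
    for svc, actions in sorted(used_actions(events).items()):
        if svc in action_level_services:
            action_list = sorted(f"{svc}:{a}" for a in actions)
        else:
            action_list = [f"{svc}:*"]  # service-level fallback; flag for manual tightening
        # Resource is left as "*"; scoping it to specific ARNs is the next review
        # step and is not derived from the activity in this example.
        statements.append({"Effect": "Allow", "Action": action_list, "Resource": "*"})
    return {"Version": "2012-10-17", "Statement": statements}


if __name__ == "__main__":
    print(json.dumps(generate_policy(SAMPLE_EVENTS), indent=2))
```

Two review points fall straight out of the output: every `service:*` statement marks a service where the generated policy is wider than the observed activity, and `Resource: "*"` means the generated document is a starting point for scoping, not a finished least-privilege policy.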
mediapackage-vod: 1 new action
Sep 11
1 new action: ConfigureLogs (configure egress access logs for a packaging group)
ssm: 1 updated action | 1 removed condition
Sep 11
1 updated action: StartSession (conditions)
es: 2 new actions | 1 updated resource, 2 updated actions | 4 removed actions, 1 removed resource
Sep 11
2 new actions: StartServiceSoftwareUpdate (start an OpenSearch service software update of a domain to a given version), UpgradeDomain (initiate an upgrade of an OpenSearch domain to a given version); 1 updated resource: opensearchservice_role (arn); 2 updated actions: DescribeDomainAutoTunes (description, resources), CancelServiceSoftwareUpdate (description, resources)
mediapackage: 1 new action
Sep 11
1 new action: ConfigureLogs (configure access logs for a channel)
christophetd
Christophe @christophetd

New AWS IAM privilege escalation playground by @bishopfox - exciting! Learning by exploiting is a great way to learn.

Supports 30+ privesc techniques that can be deployed in your own AWS account granularly using Terraform

labs.bishopfox.com/tech-blog/iam-…

github.com/BishopFox/iam-…

clintgibler
Clint Gibler @clintgibler

🤖 Automating authorization testing

@0xTib3rius on how to find authz bugs in complex web apps (e.g. many user role types)

Using the AuthMatrix @Burp_Suite extension

#websecurity #bugbountytip

whiteoaksecurity.com/blog/authoriza…

bjohnso5y
Brigid Johnson @bjohnso5y

I'm really digging this marketing strategy 🤣🤣

0xdabbad00
Scott Piper @0xdabbad00

It's a crazy time to be in cloudsec. Unpatched issue in GCP in the thread that allows you to bypass org policy to backdoor your access, reported to Google 4 months ago, with repeated requests for updates and incorrect fixes.

NightmareJS
katnik 💯 @NightmareJS

Ooofta, Really wanted this vuln to have been closed before publishing but as you can see from the reporting timeline, #google has blown past 3 promised 'fixed dates'. At nearly 4 months since initially reporting I decided to disclose.

0xdabbad00
Scott Piper @0xdabbad00

Oh dear. This is going to be the third major issue for Azure in as many weeks, with this being the second one from the folks at @wiz_io against Azure (they also found the CosmosDB issue). The folks at Wiz have been ripping the clouds apart this year (they also found AWS issues).

nirohfeld
Nir Ohfeld @nirohfeld

Love working with @msftsecresponse. Another critical Azure vulnerability. This time an RCE 🤩 #BugBounty #Azure @wiz_io

fwdcloudsec
fwd:cloudsec @fwdcloudsec

Block off your calendars for Monday and Tuesday next week, because this conference has some amazing content! Talks on AWS, Azure, GCP, and even IBM cloud! Offense and defense. New open source tools and war stories of using existing capabilities. fwdcloudsec.org

bjohnso5y
Brigid Johnson @bjohnso5y

The last five days were rough. After my last post, Pickles started feeling worse. Saturday I took him to the equine ER. He spent five days in the hospital. Today, I got to bring him home. He's back to his goofy self. Here's to hoping he stays healthy. 🐴 🦄

iann0036
Ian Mckay @iann0036

The @fwdcloudsec conference starts in just over 24 hours! If you couldn't be there in person, stream it live from fwdcloudsec.org to hear some great speakers (and me) talk about the latest in cloud security.

fwdcloudsec
fwd:cloudsec @fwdcloudsec

Today is the big day! The start of fwd:cloudsec is in a few hours. 🎉
Live stream links and schedule are at: fwdcloudsec.org

Terraform vs CDK in 2022

Learning Terraform, but wanted to ask you guys if CDK is looking to take over or not. I personally find CDK harder to set up because some constructs require setting up a VPC, which isn't easy for an AWS newcomer. Terraform is straightforward so far at least, but I will focus …

Which are good tools to detect threats in a cloud environment and on web servers?

Hi,

I have debian application servers, load balancers, databases, fileservers etc. in a cloud.

What are the alternatives to a Splunk-style threat detection tool that analyzes logs?
