Monday, February 1, 2021

Also in this issue:
• Very nice to see @wildlifestudios' job searches on the @ekoparty website! ekoparty.org/en_US/jobs/det…
• Sophia is here to add #cute to your timeline.
• Aurora now supports PostgreSQL 12
• You can now bring existing AWS Organizations OUs into Control Tower
• New tool: Serverless Stack Toolkit allows you to build serverless apps using CDK
• Heap-based buffer overflow in Sudo (CVE-2021-3156) - obtained full root privileges on Ubuntu 20.04 (Sudo 1.8.31), Debian 10 (Sudo 1.8.27), and Fedora 33 (Sudo 1.9.2)
• World's most dangerous malware EMOTET disrupted through global action

Security Newsletter - Emotet and Netwalker taken down. NAT Slipstreaming 2.0. Patch your sudo and iOS.

Dieter Van der Stock · Feb 01
Hi everyone, I hope you all had a good weekend. I'm pretty excited for today, as I'm coming out of a long and truly amazing paternity leave to rejoin my …

Discover, review, and remediate unintended access to Secrets Manager secrets using IAM Access Analyzer

AWS Identity and Access Management (IAM) Access Analyzer now analyzes AWS Secrets Manager resource-based policies to help you discover secrets that can be accessed publicly or from other accounts or organizations. IAM Access Analyzer makes it easier to identify and remediate unintended public, cross-account, or cross-organization sharing of your Secrets …
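To see the shape of what Access Analyzer flags, here is an added example (not code from the page or from AWS): a small offline checker that walks a resource-based policy and reports every Allow statement whose principal is public, a foreign account, or otherwise outside a zone of trust you define. It is a simplification of the real analysis: it only honours the common scoping condition keys (an assumption), and the account and organization IDs in the constructed sample policies are made up.

```python
"""Offline triage of an AWS resource-based policy for grants to principals
outside a "zone of trust" (your own account, or your whole organization).

Added example, not IAM Access Analyzer's own logic: Access Analyzer reasons
over the full condition language, while this script only honours the scoping
keys aws:PrincipalOrgID, aws:PrincipalAccount, aws:SourceAccount and
aws:PrincipalArn and treats any other Condition as not narrowing access (so
it errs toward reporting). Account and org IDs below are made-up samples.
"""
import json
import re

ACCOUNT_RE = re.compile(r"^\d{12}$")
ARN_ACCOUNT_RE = re.compile(r"^arn:aws[a-z-]*:iam::(\d{12}):")
# Operators that positively pin the caller; negated, IfExists and ForAnyValue
# forms do not narrow access and are deliberately ignored.
SCOPING_OPS = {"stringequals", "forallvalues:stringequals",
               "arnequals", "forallvalues:arnequals"}


def _listify(x):
    return x if isinstance(x, list) else [x]


def principal_entries(principal):
    """Flatten a Principal element into (kind, value) pairs.

    kind is 'wildcard', 'account' (12-digit ID, also extracted from ARNs),
    'service', or the lower-cased key for Federated/CanonicalUser principals.
    """
    if principal == "*":
        return [("wildcard", "*")]
    entries = []
    for key, values in principal.items():
        for value in _listify(values):
            if key == "AWS":
                if value == "*":
                    entries.append(("wildcard", "*"))
                elif ACCOUNT_RE.match(value):
                    entries.append(("account", value))
                else:
                    m = ARN_ACCOUNT_RE.match(value)
                    entries.append(("account", m.group(1)) if m else ("unknown", value))
            elif key == "Service":
                entries.append(("service", value))
            else:
                entries.append((key.lower(), value))
    return entries


def condition_limits_to_zone(condition, trusted_accounts, trusted_org):
    """True if the Condition block confines the grant to the zone of trust."""
    for op, pairs in (condition or {}).items():
        if op.lower() not in SCOPING_OPS:
            continue
        for key, values in pairs.items():
            key, values = key.lower(), set(_listify(values))
            if key == "aws:principalorgid" and trusted_org and values == {trusted_org}:
                return True
            if key in ("aws:principalaccount", "aws:sourceaccount") and values <= trusted_accounts:
                return True
            if key == "aws:principalarn":
                matches = [ARN_ACCOUNT_RE.match(v) for v in values]
                if all(matches) and {m.group(1) for m in matches} <= trusted_accounts:
                    return True
    return False


def find_external_access(policy, trusted_accounts, trusted_org=None):
    """Return one finding per external principal in each unscoped Allow statement.

    level is 'public' (anyone), 'cross-account' (a specific foreign account ID)
    or 'external' (federated or unrecognised principal). AWS service principals
    are not reported; Deny statements and NotPrincipal are not modelled.
    """
    trusted_accounts = set(trusted_accounts)
    findings = []
    for st in _listify(policy.get("Statement", [])):
        if st.get("Effect") != "Allow" or "Principal" not in st:
            continue
        if condition_limits_to_zone(st.get("Condition"), trusted_accounts, trusted_org):
            continue
        for kind, value in principal_entries(st["Principal"]):
            if kind == "service" or (kind == "account" and value in trusted_accounts):
                continue
            findings.append({
                "sid": st.get("Sid", ""),
                "level": {"wildcard": "public", "account": "cross-account"}.get(kind, "external"),
                "principal": value,
                "actions": sorted(_listify(st.get("Action", []))),
            })
    return findings


# Constructed sample policies (Secrets Manager resource policies use Resource "*").
PUBLIC_SECRET_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "AnyoneCanRead", "Effect": "Allow", "Principal": "*",
    "Action": "secretsmanager:GetSecretValue", "Resource": "*"}]}

ORG_SCOPED_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "OrgCanRead", "Effect": "Allow", "Principal": {"AWS": "*"},
    "Action": ["secretsmanager:GetSecretValue", "secretsmanager:DescribeSecret"],
    "Resource": "*",
    "Condition": {"StringEquals": {"aws:PrincipalOrgID": "o-a1b2c3d4e5"}}}]}

CROSS_ACCOUNT_POLICY = {"Version": "2012-10-17", "Statement": [{
    "Sid": "CiRoleCanRead", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::222222222222:role/ci-deploy"},
    "Action": "secretsmanager:GetSecretValue", "Resource": "*"}]}

if __name__ == "__main__":
    trusted = {"111111111111"}  # the account that owns the secret
    for name, policy in [("public", PUBLIC_SECRET_POLICY), ("org-scoped", ORG_SCOPED_POLICY),
                         ("cross-account", CROSS_ACCOUNT_POLICY)]:
        print(name, json.dumps(find_external_access(policy, trusted, "o-a1b2c3d4e5")))
```

The authoritative list is still Access Analyzer's own findings (in the console, or via `aws accessanalyzer list-findings --analyzer-arn <arn>`); a checker like this earns its keep in CI, where it can reject a public secret policy before it is ever applied. Resource policies for S3, SQS, KMS, and Lambda share the same Statement/Principal/Condition structure, so the walk above applies to them unchanged.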

AWS Shield Advanced now provides mitigation metrics and network traffic timelines

The AWS Shield Advanced dashboard now displays additional mitigation metrics and network traffic timeline details for events detected on protected resources. This also includes details about the actions automatically taken to mitigate DDoS attacks. You can use this information to more easily evaluate your applications when an unexpected increase in …

Sudo Security Issue (CVE-2021-3156)

aws@amazon.com · Jan 27

[V2] Last Updated: 2021/01/27 1:00PM PDT

CVE Identifier: CVE-2021-3156

This is an update for this issue.

AWS is aware of the security issue recently disclosed by the open source community affecting the Linux "sudo" utility (CVE-2021-3156). This issue may permit unprivileged users to run privileged commands, or cause affected hosts …
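For the part of the bulletin that is on your side of the shared responsibility model (updating your own instances), here is an added example, not from the AWS bulletin or the sudo project, that reports the installed version, decides whether it falls in the affected upstream range (1.8.2 through 1.8.31p2 and 1.9.0 through 1.9.5p1, fixed in 1.9.5p2), and runs the non-destructive `sudoedit -s /` probe published in the Qualys advisory. It assumes `sudo --version` prints its usual "Sudo version X.Y.Z" first line; the `-n` flag is added so the probe can never block on a password prompt.

```sh
#!/bin/sh
# Added example (not part of the AWS bulletin): is this host's sudo affected by
# CVE-2021-3156? Distributions backport the fix without bumping the version
# (a patched Ubuntu 1.8.31 still reports 1.8.31), so the version test is only
# a first pass; the sudoedit probe is what you should trust.

# sudo_version_vulnerable VERSION -> exit status 0 if VERSION is in the
# affected range 1.8.2..1.8.31p2 or 1.9.0..1.9.5p1 (bare string, e.g. 1.9.5p1)
sudo_version_vulnerable() {
    v=$1
    major=${v%%.*}
    rest=${v#*.}
    minor=${rest%%.*}
    case $rest in
        *.*) rest=${rest#*.} ;;
        *)   rest=0 ;;              # "1.9"-style string: no patch level
    esac
    patch=${rest%%p*}
    plevel=0
    case $rest in *p*) plevel=${rest#*p} ;; esac
    [ "$major" = 1 ] || return 1
    case "$minor$patch$plevel" in *[!0-9]*) return 1 ;; esac
    # Pack minor/patch/plevel into one integer so ranges compare numerically.
    key=$((minor * 10000 + patch * 100 + plevel))
    if [ "$key" -ge 80200 ] && [ "$key" -le 83102 ]; then return 0; fi   # 1.8.2 .. 1.8.31p2
    if [ "$key" -ge 90000 ] && [ "$key" -le 90501 ]; then return 0; fi   # 1.9.0 .. 1.9.5p1
    return 1
}

# installed_sudo_version -> prints the bare version from `sudo --version`
installed_sudo_version() {
    sudo --version 2>/dev/null | sed -n '1s/^Sudo version \([0-9][0-9.p]*\).*/\1/p'
}

# sudoedit_probe -> prints VULNERABLE, PATCHED or UNKNOWN. Run as an
# unprivileged user. An unpatched sudoedit accepts -s and fails on "/" with a
# message starting "sudoedit:"; a patched one rejects -s and prints its usage.
sudoedit_probe() {
    command -v sudoedit >/dev/null 2>&1 || { echo UNKNOWN; return 0; }
    out=$(sudoedit -n -s / 2>&1 </dev/null) || true
    case $out in
        usage:*)    echo PATCHED ;;
        sudoedit:*) echo VULNERABLE ;;
        *)          echo UNKNOWN ;;
    esac
}

# Live report for the host this runs on (skipped when sudo is not installed).
if command -v sudo >/dev/null 2>&1; then
    ver=$(installed_sudo_version)
    if sudo_version_vulnerable "$ver"; then
        echo "sudo $ver: version is in the CVE-2021-3156 range; probe says $(sudoedit_probe)"
    else
        echo "sudo $ver: version is outside the affected range; probe says $(sudoedit_probe)"
    fi
fi
```

If the probe says VULNERABLE, update sudo through your distribution's package manager and re-run it; a result of PATCHED on a host whose version string is still in the affected range is the normal backport case, not a false negative.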

Verified episode 3: In conversation with Noopur Davis from Comcast

Stephen Schmidt · Jan 28
2020 emphasized the value of staying connected with our customers. On that front, I’m proud to bring you the third episode of our new video series, Verified. The series showcases conversations with security leaders discussing trends and lessons learned in cybersecurity, privacy, and the cloud. In episode three, I’m talking …

AWS is the first global cloud service provider to comply with the new K-ISMS-P standard

Seulun Sung · Jan 26
We’re excited to announce that Amazon Web Services (AWS) has achieved certification under the Korea-Personal Information & Information Security Management System (K-ISMS-P) standard (effective from December 16, 2020 to December 15, 2023). The assessment by the Korea Internet & Security Agency (KISA) covered the operation of infrastructure (including compute, storage, …
Scott Piper @0xdabbad00

This update exposes a lot of the internals of how Lambda works. Ex. Lambda runs on EC2 nitro bare metal instances and invokes are done using SQS behind the scenes.

Jeff Barr ☁️ (@ 🏠 ) @jeffbarr

Newer than New (Feb 2021) - Security Overview of #AWS Lambda - d1.awsstatic.com/whitepapers/Ov…

51 · Jan 25 · 8:16 PM

Clint Gibler @clintgibler

Whoa, tl;dr sec has >5,000 subscribers 🚀

To celebrate, I want to give back

So for every like/RT of this tweet I'll donate $1 to Feeding America (up to $1K) for the next week

Thanks for reading 🙏 Here's to another year of great security research!

tldrsec.com

49 · Jan 26 · 5:00 PM

Kinnaird McQuade💥☁️ @kmcquade3

I am dropping a new AWS Security tool in the next week. Stay tuned

4 · Jan 26 · 1:51 AM

Clint Gibler @clintgibler

🛠️ @TomNomNom tool overview by @DanielMiessler #bugbountytips

* gf - Security-focused grep
* httprobe - Find domains listening on web ports
* unfurl - Break down URLs into components
* meg - Check paths across domains
* waybackurls - Find archived URLs
danielmiessler.com/blog/a-tomnomn…

14 · Jan 27 · 11:00 PM

Scott Piper @0xdabbad00

AWS security bulletin on the sudo issue. Just says AWS infrastructure (i.e. their side of the responsibility model) is not affected, but you should update your systems. aws.amazon.com/security/secur…

25 · Jan 27 · 2:53 AM

Matt Fuller @matthewdfuller

I hope you have as much fun reviewing these scenarios as I had writing them. From the far-fetched to the mundane, being able to quickly conjure a response to risks is a hallmark of a well-developed security strategy. #Cloud #Security #AWS #DevOps
matthewdf10.medium.com/cloud-security…

17 · Jan 31 · 11:20 PM

Will Bengtson @__muscles

I'm hiring! Looking for folks that are interested in automating incident response in the cloud. If you are interested or know someone, please reach out! hashicorp.com/job/2607537

12 · Jan 28 · 3:57 PM

Steven Bryen @steven_bryen

Another Lockdown haircut in Steve’s Barbers 💈 Not bad if you ask me... if you excuse the fact I cut his forehead with the scissors ✂️ 🤦‍♂️

0 · Jan 29 · 1:12 PM

Ian Mckay @iann0036

Someone was looking for this, soo...

Here's a quick project to rename #AWS CloudFormation stacks 🚀

github.com/iann0036/cfn-s…

Check the documentation as to how this works before using, as some stacks won't be eligible.

3 · Jan 29 · 12:01 PM

Michael Chan @mchancloud

✋😲Let's review the resources that Access Analyzer can inspect for you - and this across all accounts if using AWS Organizations:

S3 buckets
IAM roles
KMS keys
Lambda functions & layers
SQS queues
Secrets Mgr secrets

More here: docs.aws.amazon.com/IAM/latest/Use… And there's more to come!

AWS Identity @AWSIdentity

Now use #AWSIAM Access Analyzer to monitor & analyze resource policies for AWS Secrets Manager to identify publicly or cross-account accessible secrets. go.aws/2YhYCxr

3 · Jan 28 · 3:23 AM

Aidan W Steele @__steele

Possibly one of the least flattering photos I’ve ever taken. I just wanted to highlight that Archie is a wonderful snuggly nurse boy while I’m lying in bed with debilitating back pain. And Missy is off somewhere soaking up the sunshine

#nofilter #nochin

0 · Jan 28 · 12:42 AM

Steven Bryen @steven_bryen

Not a headline I thought I’d ever read in my lifetime tbh ⛄️

2 · Jan 29 · 9:39 AM

New open source project - Use AWS like it's Heroku!

Hi r/aws!

The flexibility and scalability of AWS is great, but AWS is definitely not the easiest hosting platform to use (let's just say that it doesn't have the most award-winning UI 😏). This is why Platform as a Service (PaaS) like Heroku that is more user friendly can even …

Other than compliance and "it's best practice", what is the reason to secure data in AWS at rest?

What is the reasoning for securing data at rest that's sitting on AWS's disks? Is it just that someone could physically/virtually break into their datacenters and steal a bunch of data?

I know it's easy to do and I pretty much always default to doing it, I just always wondered …