Lex NevaApr 04
4
Monday April, 2022
Sponsor 📣
Stop wasting time on StackOverflow to find code snippets you can reuse.
snipt.dev is a code snippets search engine that lets you find code snippets for your language and library within seconds.
snipt.dev is free for all developers. Developers can import snippets directly in VS Code or JetBrains using the Codiga IDE plugins.
With more than 10,000 developers using the platform every day, snipt.dev is the reference to find quickly code you can reuse.
📢 MAMIP (Monitor AWS Managed IAM Policies)
Policies changed since last week:
- AWSBackupServiceRolePolicyForRestores
- AmazonBraketFullAccess
- AmazonRoute53RecoveryClusterReadOnlyAccess
- FMSServiceRolePolicy
SRE Weekly Issue #316
SRE Weekly Issue #316
Lex NevaApr 04
📖 [The CloudSecList] Issue 131
Marco from CloudSecListApr 03
AWS Notification Message
GuardDutyAnnouncementsApr 02
[tl;dr sec] #126 - How to Review Your Company’s Infrastructure, Kubernetes DFIR
Clint at tl;dr secMar 31
AWS Glue DataBrew - 4 updated methods
Mar 31
This AWS Glue Databrew release adds feature to support ORC as an input format.
Amazon Managed Grafana - 3 new 7 updated methods
Mar 31
This release adds tagging support to the Managed Grafana service. New APIs: TagResource, UntagResource and ListTagsForResource. Updates: add optional field tags to support tagging while calling CreateWorkspace.
Amazon Pinpoint SMS Voice V2 - 43 new methods
Mar 31
Amazon Pinpoint now offers a version 2.0 suite of SMS and voice APIs, providing increased control over sending and configuration. This release is a new SDK for sending SMS and voice messages called PinpointSMSVoiceV2.
Route53 Recovery Cluster - 1 new 1 updated methods
Mar 31
This release adds a new API "ListRoutingControls" to list routing control states using the highly reliable Route 53 ARC data plane endpoints.
Best practices: Securing your Amazon Location Service resources
David BaileyApr 1
Location data is subjected to heavy scrutiny by security experts. Knowing the current position of a person, vehicle, or asset can provide industries with many benefits, whether to understand where a current delivery is, how many people are inside a venue, or to optimize routing for a fleet of vehicles. …
Scott Piper @0xdabbad00
I bet that now there is a CloseAccount API, folks will cycle accounts more often, and AWS will need to expand account IDs beyond 12 digits sooner than they may have expected.
131
12Mar 29 · 11:36 PM
Kinnaird McQuade💥🌩 @kmcquade3
The first rule about writing a program in Rust is that you have to tell EVERYONE it's written in Rust
804Apr 03 · 7:02 AM
Clint Gibler @clintgibler
🪄 Fantastic AWS Hacks and Where to Find Them
@christophetd on getting started in AWS security, and how companies are getting hacked on AWS
Mindmap: mindmeister.com/map/2211520103…
Drawn by: @MindsEyeCCF
docs.google.com/presentation/d…
3812Mar 30 · 5:00 PM Clint Gibler @clintgibler
🛠️ Tool: find-gh-poc
Tool to find CVE PoCs on GitHub
#bugbounty #bugbountytips
By @trick3st @mhmdiaa @ZaricNenad_
github.com/trickest/find-…
386Mar 29 · 11:50 PM
Chris Farris @jcfarris
@fwdcloudsec will occur on Monday, July 25th in Boston, MA. More details to follow.
349Apr 01 · 11:09 PM
Marco Lancini @lancinimarco
💾 If you liked the article, and were looking for an easy way to download all the questions you should ask while reviewing a company's infrastructure, now you can! 🧵[1/2]
Marco Lancini @lancinimarco
Just blogged: "What to look for when reviewing a company's infrastructure" - A comprehensive guide that provides a structured approach to reviewing the security architecture of a multi-cloud SaaS company and finding its most critical components. marcolancini.it/2022/blog-clou…
298Mar 29 · 5:26 PM
Ian Mckay @iann0036
omg omg omg
Michael Barney Jr @mbarneyjr
Is this an early @awscloud April Fool's joke?
"feature: Organizations: This release provides the new CloseAccount API that enables principals in the management account to close any member account within an organization."
github.com/aws/aws-sdk-js…
303Mar 29 · 11:04 PM Marco Lancini @lancinimarco
I've created a micro-website to host all the questions you should ask in a spreadsheet-style format:
roadmap.cloudsecdocs.com/infrastructure… 🧵[2/2]
214Mar 29 · 5:26 PM
Brigid Johnson @bjohnso5y
Ooooo! I can't wait to see how customers use this new goodie from AWS Organizations. Me thinks there will be some Mari Konding of AWS accounts happening. 🧹🧼🧽
Close account API is here!
aws.amazon.com/blogs/mt/aws-o…
204Mar 30 · 9:27 PM
Cloud Sec Tools
Does anyone here have experience with CSPM, CNAPP, and/or Workload protection solutions? Looking for recommendations for an AWS environment.
- 🖊️ This newsletter was forwarded to you? Subscribe here
- 📢 Promote your content with Sponsorship
- 💌 Want to suggest new content: contact me or reply to this email
