Also linked in this issue:

- AWS taking zombie apocalypse seriously in T&Cs Clause 42.10
- Don't Stop Releasin' by Billie Perry (Corey Quinn's AWS Marketing Parody)
- (More in comments) Brave Browser leaks your Tor / Onion service requests through DNS.
- Deliver your shellcode through an ICMP packet and inject it into a local process. C#
Monday, February 22, 2021

Security Newsletter - Strange new Mac malware. CIS ransomware protection for hospitals. Sharing a project of mine.

Dieter Van der Stock · Feb 22
Hi everyone, I hope this newsletter finds you well :-) Plenty of interesting news to read this week. I'm also sharing a little extra this week: a project I've been working on. There is a lot of work left to do, but I want to show it early to gauge …

How to continuously audit and limit security groups with AWS Firewall Manager

Jesse Lepich · Feb 18
At AWS re:Invent 2019 and in a subsequent blog post, Stephen Schmidt, Chief Information Security Officer for Amazon Web Services (AWS), laid out the top 10 security items that AWS customers should pay special attention to if they want to improve their security posture. High on the list is the …

AWS and EU data transfers: strengthened commitments to protect customer data

Stephen Schmidt · Feb 18
Last year we published a blog post describing how our customers can transfer personal data in compliance with both GDPR and the new “Schrems II” ruling. In that post, we set out some of the robust and comprehensive measures that AWS takes to protect customers’ personal data. Today, we are …
Scott Piper @0xdabbad00

Big news! I'm shutting down my consulting business and just had my first day with @aurora_inno where I'll be leading AWS security. We're hiring!

I suspect I'll be busy for a while, so I wanted to write down some project ideas I wasn't able to get to: summitroute.com/blog/2021/02/1…

35 · Feb 17 · 4:16 AM
Clint Gibler @clintgibler

🚚 How to build a secure CI/CD pipeline for delivering infra as code

Great discussion of:
* Limitations of popular CI platforms (e.g. GitHub)
* Desired defense in depth features
* What they ended up building

tech.ovoenergy.com/building-a-sec…

24 · Feb 17 · 11:00 PM
Spencer Gietzen @SpenGietz

Worried about the recently released tool "endgame" targeting your AWS environment? Two quick tips:

1. Look for any API calls with the User Agent "HotDogsAreSandwiches" (I disagree btw)
2. Look for any resource policies with a statement ID (SID) of "Endgame"

12 · Feb 18 · 11:05 PM
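The two tips above are plain indicator matches, and they are easy to automate over exported CloudTrail events and collected resource policies. The following is an added example (not code from the tweet's author, from the endgame project, or from AWS) that scans a handful of constructed CloudTrail-style event records for the user agent marker and a constructed set of resource policies for the "Endgame" statement ID. The event and policy documents, ARNs and account ID are all made-up sample data; in practice the events would come from a CloudTrail export and the policies from the relevant Get*Policy API calls.

```python
"""Hunt for the two 'endgame' indicators from the tweet:
  1. CloudTrail events whose userAgent contains "HotDogsAreSandwiches"
  2. resource policy statements whose Sid is "Endgame"
All sample data below is constructed for illustration."""
import json

UA_MARKER = "HotDogsAreSandwiches"
SID_MARKER = "Endgame"


def user_agent_hits(events):
    """Return (eventName, caller ARN) for every event carrying the UA marker.
    Matching is case-insensitive and substring-based, because real user agent
    strings often carry extra SDK/OS tokens around the marker."""
    hits = []
    for ev in events:
        ua = ev.get("userAgent") or ""  # CloudTrail omits userAgent on some events
        if UA_MARKER.lower() in ua.lower():
            arn = ev.get("userIdentity", {}).get("arn", "<unknown>")
            hits.append((ev.get("eventName"), arn))
    return hits


def _statements(policy):
    """Normalise a policy document (dict or JSON string) to a list of statements;
    IAM allows 'Statement' to be a single object as well as a list."""
    if isinstance(policy, str):
        policy = json.loads(policy)
    stmts = policy.get("Statement", [])
    return stmts if isinstance(stmts, list) else [stmts]


def policy_hits(policies):
    """policies: mapping of resource ARN -> policy document.
    Return (resource ARN, Principal) for every statement whose Sid is the marker."""
    hits = []
    for resource_arn, doc in policies.items():
        for st in _statements(doc):
            if str(st.get("Sid", "")).lower() == SID_MARKER.lower():
                hits.append((resource_arn, st.get("Principal")))
    return hits


# --- constructed sample input (not real account data) -----------------------
SAMPLE_EVENTS = [
    {"eventName": "ListBuckets",
     "userAgent": "aws-cli/2.1.29 Python/3.8.8 Linux/5.4.0",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/constructed-admin"}},
    {"eventName": "PutBucketPolicy",
     "userAgent": "HotDogsAreSandwiches",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/constructed-admin"}},
    {"eventName": "DescribeInstances",  # no userAgent field at all
     "userIdentity": {"arn": "arn:aws:iam::111122223333:role/constructed-role"}},
]

SAMPLE_POLICIES = {
    # S3 bucket policy as a dict, with the marker Sid and a wildcard principal
    "arn:aws:s3:::constructed-bucket": {
        "Version": "2012-10-17",
        "Statement": [{"Sid": "Endgame", "Effect": "Allow",
                       "Principal": {"AWS": "*"}, "Action": "s3:*",
                       "Resource": "arn:aws:s3:::constructed-bucket/*"}]},
    # SQS queue policy as a JSON string with a single (non-list) statement
    "arn:aws:sqs:us-east-1:111122223333:constructed-queue": json.dumps({
        "Version": "2012-10-17",
        "Statement": {"Sid": "AllowOwner", "Effect": "Allow",
                      "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
                      "Action": "sqs:SendMessage", "Resource": "*"}}),
}


def scan(events=SAMPLE_EVENTS, policies=SAMPLE_POLICIES):
    """Run both checks and return the findings in one dict."""
    return {"user_agent": user_agent_hits(events), "policy_sid": policy_hits(policies)}


if __name__ == "__main__":
    for kind, findings in scan().items():
        for finding in findings:
            print(f"[{kind}] {finding}")
```

Both markers are trivially changeable by anyone running the tool, so treat a hit as a high-confidence signal and a miss as no signal at all; the durable detection is the underlying change (a resource policy that newly grants a foreign or wildcard principal), not the string.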
Marco Lancini @lancinimarco

Just blogged: "Security Logging in Cloud Environments - AWS" - How to design a state of the art multi-account security logging platform in #AWS.
marcolancini.it/2021/blog-secu…

21 · Feb 22 · 2:32 PM
Clint Gibler @clintgibler

☁️ AWS security project ideas

Want to contribute to the #infosec community but not sure where to start?

Check out these project ideas by @0xdabbad00 for useful tools that don't yet exist.

summitroute.com/blog/2021/02/1…

17 · Feb 17 · 7:00 PM
Brigid Johnson @bjohnso5y

This week I've had two male leaders more senior than I am share their moments of self doubt with me. As a female leader who has those feelings too, this act gave me the "hey, I really do belong here too" feeling. Share your doubt, it helps us all be more inclusive.

3 · Feb 19 · 5:35 PM
Spencer Gietzen @SpenGietz

What info can you enumerate with AWS keys that have no permissions? I'm currently aware of:
- User ID
- ARN (+ account ID)
- Canonical ID
- Is GovCloud Account
- What regions are enabled/disabled

5 · Feb 19 · 5:23 PM
Michael Chan @mchancloud

👍🔐🎉AWS IAM now supports 🏷tags for additional IAM resources including IAM managed policies and EC2 instance profiles. Now you can use ABAC for controlling which roles your users can attach to an Amazon EC2 instance profile and more. Check out the blog below! @AWSIdentity twitter.com/AWSSecurityInf…

AWS Security @AWSSecurityInfo

Find out how to use tags to manage and secure access to additional types of IAM resources: go.aws/3b1cGBh

7 · Feb 15 · 5:36 PM
Ben Reser @BenReser

That almost nothing deleted is really gone. Customer asks for something to be deleted via GDPR or CCPA, it will be deleted from live database but it could take a year to roll off the backups.

myk is more of a question than a comment @mykola

Please quote this tweet with a thing that everyone in your field knows and nobody in your industry talks about because it would lead to general chaos.

6 · Feb 19 · 12:51 AM
Aidan W Steele @__steele

So that’s one more tool that can use SQL to query AWS environments. Who knows of others?

* AWS Config + Athena
* steampipe.io
* cloudquery.io
* github.com/goldfiglabs/in…

3 · Feb 19 · 2:33 AM
Kinnaird McQuade💥☁️ @kmcquade3

For me - @IanColdwater inspires me to overcome fears, evangelize security knowledge, take the stage, and to just be a good human being.

@0xdabbad00 inspires me to push my boundaries with new tech, automate my knowledge, and to help the world learn about cloud security.

2 · Feb 22 · 3:43 PM
Scott Piper @0xdabbad00

@clintgibler @aurora_inno It won't be like Apple where they cut out your tongue at orientation.

Also, I don't know who my TAM is yet (cc @z1g1), but someone over there at AWS better figure it out before our first meeting and send them reinforcements. 😂

0 · Feb 17 · 4:48 AM
Ian Mckay @iann0036

Great post from @xssfox! A reminder to all to fully understand your security boundaries when mixing public repos and private assets.

xssfox (She/Her) @xssfox

How I hacked a .aws website and why your open-source project's build pipeline is likely broken.

sprocketfox.io/xssfox/2021/01…

2 · Feb 18 · 7:17 AM
fwd:cloudsec @fwdcloudsec

Congrats to last year's sponsor Bridgecrew on their $200M acquisition by Palo Alto!

fwd:cloudsec is a great way for cloudsec companies to get noticed. Sponsor slots for the 2021 conference opening soon. Get on the mailing list for updates. fwdcloudsec.org

bridgecrew @bridgecrewio

After two amazing years building the Bridgecrew team, platform, and open-source community, we’re thrilled to continue our journey with Palo Alto Networks! 💜

Read more about the proposed acquisition in our blog by Bridgecrew co-founder & CEO @IdanTendler.
bridge.dev/37lWlWL

3 · Feb 16 · 4:25 PM
Steven Bryen @steven_bryen

🚨We have an upcoming #AWSGameDay at the end of February.
🎮This is a great opportunity to learn AWS with your peers in a safe and fun environment. If you haven't done a GameDay before, you're missing out!

🏆 Where will you end up on the leaderboard?
bit.ly/3u9hYTU

4 · Feb 18 · 12:51 PM

Dear AWS: Cost Explorer APIs Should be Free (or have a free allocation per month)

Lately I've been diving into my AWS bill a bit and am using Cost Explorer APIs and hilariously as soon as I began using them a new line item for Cost Explorer popped up in my bill.

I find it absolutely insane that Cost Explorer APIs cost money at all …

AWS just released an official AWS Quick Start

"Just launched superwerker - an open-source solution to automate the setup of an AWS Cloud environment with prescriptive best practices.

And it's also an official AWS Quick Start"

https://aws.amazon.com/quickstart/architecture/superwerker/

---

https://www.superwerker.cloud/

The whole AWS organization subaccount management is absolute garbage

The fact that you cannot close member accounts from the org.. I just had the displeasure of manually going through a good number of accounts, doing password recovery for every single one, and then manually deleting them one by one.. why? Whoever owns the CC of the Account should be …