
Monday, June 27, 2022

In a nutshell

  1. You asked for a less dazzling logo. We did an update for your eyes.
  2. We are introducing metering on highlighted and sponsored links to see what interests you the most. I will share the app behind this magic later (fully serverless on AWS).
  3. The community is warming up for this summer's AWS security conferences in Boston, MA: re:Inforce and fwd:CloudSec.

📢 MAMIP (Monitor AWS Managed IAM Policies)

Policies changed since last week:

Weekly diff


👉🏻 From AWS Bots: 📃 MAMIP / 🤖 MASE / 👮🏻‍♂️ MGDA

Amazon Lookout for Equipment - 1 new methods
Jun 23
This release adds visualizations to the scheduled inference results. Users will be able to see inference results, including diagnostic results from their running inference schedulers.
Application Migration Service - 4 new 6 updated methods
Jun 23
New and modified APIs for the Post-Migration Framework
AWS Migration Hub Refactor Spaces - 1 new 1 updated methods
Jun 23
This release adds the new API UpdateRoute that allows route to be updated to ACTIVE/INACTIVE state. In addition, CreateRoute API will now allow users to create route in ACTIVE/INACTIVE state.
Amazon SageMaker Service - 6 updated methods
Jun 23
SageMaker Ground Truth now supports Virtual Private Cloud. Customers can launch labeling jobs and access to their private workforce in VPC mode.
AWS re:Inforce 2022: Threat detection and incident response track preview
Celeste Bishop · Jun 23
Register now with discount code SALXTDVaB7y to get $150 off your full conference pass to AWS re:Inforce. For a limited time only and while supplies last. Today we’re going to highlight just some of the sessions focused on threat detection and incident response that are planned for AWS re:Inforce 2022. …
New AWS whitepaper: AWS User Guide to Financial Services Regulations and Guidelines in New Zealand
Julian Busic · Jun 21
Amazon Web Services (AWS) has released a new whitepaper to help financial services customers in New Zealand accelerate their use of the AWS Cloud. The new AWS User Guide to Financial Services Regulations and Guidelines in New Zealand—along with the existing AWS Workbook for the RBNZ’s Guidance on Cyber Resilience—continues …
Wickr for Government achieves FedRAMP Ready designation
Anne Grahn · Jun 20
AWS is pleased to announce that Wickr for Government (WickrGov) has achieved Federal Risk and Authorization Management Program (FedRAMP) Ready status at the Moderate Impact Level, and is actively working toward FedRAMP Authorized status. FedRAMP is a US government-wide program that promotes the adoption of secure cloud services across the …

Sponsor

The cheapest, most secure, and greener cloud asset is the one that doesn't exist.

While working on dev, training, or just studying the AWS ecosystem you will create, update, and manage many assets that could lead to unexpected costs at the end of the month.

To avoid any surprises, we built a SaaS app called unusd.cloud that could save you money (free forever for one AWS account).

refactor-spaces: 1 new action
Jun 24
1 new action: UpdateRoute (Grants permission to update a route from an application)
macie:
Jun 24
AWS Service Removed
outposts: 2 new actions
Jun 23
2 new actions: GetConnection (Grants permission to get information about the connection for your Outpost server), StartConnection (Grants permission to start a connection for your Outpost server)
Clint Gibler @clintgibler

Doing a cloud pen test and you only have low privilege AWS creds?

@bishopfox describes how you can escalate privileges by examining CloudTrail assumeRole events to learn other AWS accounts you can pivot to.

#pentesting #cloudsecurity

bishopfox.com/blog/cloudtrai…

51 · Jun 24 · 5:00 PM
Kinnaird McQuade ⛅️🧨 @kmcquade3

Lost a few followers after voicing frustration over Roe v Wade being overturned.

Don’t let the door hit you on the way out! 🖕🏼

2 · Jun 25 · 4:52 AM
Aidan W Steele @__steele

I've been writing code for over 20 years now and nothing makes me feel quite as incompetent as trying to write Typescript. 😥

0 · Jun 22 · 5:33 AM
Brigid Johnson @bjohnso5y

Who is going to ReInforce in July? And @QuinnyPig can we take a then and now picture? I think I still have this shirt.

1 · Jun 24 · 3:39 PM
Aidan W Steele @__steele

I’ve been trying and failing all day to find the words to express how I feel about SCOTUS’ latest decision. I can’t. I’m broken. Maybe soon I’ll have the energy to express my incandescent rage, but for now all I can muster is tears.

1 · Jun 25 · 11:56 AM
Marco Lancini @lancinimarco

🔖 Unwanted Permissions that may impact security when using the ReadOnlyAccess policy in AWS

With this analysis, Tempest researchers identified at least 41 actions that can lead to improper data access.

sidechannel.blog/en/unwanted-pe…

7 · Jun 22 · 10:00 PM
Marco Lancini @lancinimarco

And now we have a cover page! 🤩
(I have to admit that, my graphic skills aside, I had fun using @canva)

Marco Lancini @lancinimarco

It's official: I'm writing a book! 📖

"The CloudSec Engineer" will be a book on how to enter, establish yourself, and thrive in the cloud security industry as an individual contributor.

1/

2 · Jun 21 · 8:40 PM
Christophe @christophetd

If you're looking to pass your AWS Security Speciality, search no more twitter.com/adriancantrill…

Adrian Cantrill @adriancantrill

I've just opened early access for my AWS Security Specialty course (details on this thread reddit.com/r/AWSCertifica…) direct link to the course learn.cantrill.io/p/aws-certifie… and a new bundle learn.cantrill.io/p/aws-security… - new demos/lessons coming - Please Retweet

#100daysofcloud #labEveryday

5 · Jun 21 · 6:21 AM
rowan @elrowan

Is this... Is this... another landing zone approach from AWS? 🧐

aws.amazon.com/solutions/impl…

2 · Jun 27 · 1:38 AM
Together, DevOps and Cloud are a powerhouse.

In this blog, we will discuss how cloud and DevOps act as mutually strengthening strategies for increasing organisational agility through IT.

https://www.umbrellainfocare.com/blogs/cloud-and-devops-are-made-for-each-other