Issue #80
Monday · July 25, 2022
🥗 AWS security blogs
- AWS re:Inforce 2022: Network & Infrastructure Security track preview — Register now with discount code SALvWQHU2Km to get $150 off your full conference pass to AWS re:Inforce. For a limited time only and while supplies last. Today we’re going to highlight just some of the network and infrastructure security focused sessions planned for AWS re:Inforce. AWS re:Inforce 2022 will take …
- Automatically block suspicious DNS activity with Amazon GuardDuty and Route 53 Resolver DNS Firewall — In this blog post, we’ll show you how to use Amazon Route 53 Resolver DNS Firewall to automatically respond to suspicious DNS queries that are detected by Amazon GuardDuty within your Amazon Web Services (AWS) environment. The Security Pillar of the AWS Well-Architected Framework includes incident response, stating that your …
- A pathway to the cloud: Analysis of the Reserve Bank of New Zealand’s Guidance on Cyber Resilience — The Reserve Bank of New Zealand’s (RBNZ’s) Guidance on Cyber Resilience (referred to as “Guidance” in this post) acknowledges the benefits of RBNZ-regulated financial services companies in New Zealand (NZ) moving to the cloud, as long as this transition is managed prudently—in other words, as long as entities understand the …
- Use Security Hub custom actions to remediate S3 resources based on Macie discovery results — The amount of data available to be collected, stored and processed within an organization’s AWS environment can grow rapidly and exponentially. This increases the operational complexity and the need to identify and protect sensitive data. If your security teams need to review and remediate security risks manually, it would either …
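For the GuardDuty / Route 53 Resolver DNS Firewall post above, here is the responder half of that pipeline as an added example in Python (not code from the AWS blog post): it takes a GuardDuty finding delivered through Amazon EventBridge, pulls the queried name out of the finding's DNS_REQUEST action, refuses to auto-block allow-listed suffixes so a false positive cannot break resolution of AWS endpoints, and adds the domain plus a wildcard for its subdomains to a DNS Firewall domain list with the UpdateFirewallDomains API. The domain-list ID, the sample finding and the recording client are constructed for the example; a deployed Lambda would pass `boto3.client("route53resolver")` and read the list ID from its environment.

```python
"""Responder for GuardDuty DNS findings: push the flagged domain into a Route 53 Resolver
DNS Firewall domain list (added example, not the AWS blog post's code)."""
import json
from typing import Any, Dict, List, Optional

# DNS-derived GuardDuty findings carry a DNS_REQUEST action; the action type, not the
# finding name, is what the responder keys on.
DNS_ACTION_TYPE = "DNS_REQUEST"

# Never auto-block these suffixes: a false positive on a shared resolver must not be able
# to take out name resolution for AWS APIs or internal zones. Tune per environment.
NEVER_BLOCK_SUFFIXES = ("amazonaws.com", "amazon.com", "internal")


def extract_domain(event: Dict[str, Any]) -> Optional[str]:
    """Return the queried domain from a GuardDuty EventBridge event, or None when the
    finding is not DNS-based (port probes, IAM findings, ...)."""
    if event.get("source") != "aws.guardduty":
        return None
    action = event.get("detail", {}).get("service", {}).get("action", {})
    if action.get("actionType") != DNS_ACTION_TYPE:
        return None
    domain = action.get("dnsRequestAction", {}).get("domain", "")
    # The name may arrive fully qualified with a trailing dot; normalise it.
    return domain.rstrip(".").lower() or None


def is_blockable(domain: str) -> bool:
    """Guard rail: refuse bare labels / TLDs and anything under an allow-listed suffix."""
    if "." not in domain:
        return False
    return not any(domain == s or domain.endswith("." + s) for s in NEVER_BLOCK_SUFFIXES)


def block_domain(client: Any, firewall_domain_list_id: str, domain: str) -> List[str]:
    """Add the domain and its subdomains to the list (UpdateFirewallDomains, Operation=ADD).
    A plain entry only matches exact queries; the wildcard entry also catches the rotating
    subdomains that C2 beacons typically use. Returns the entries added."""
    entries = [domain, "*." + domain]
    client.update_firewall_domains(
        FirewallDomainListId=firewall_domain_list_id,
        Operation="ADD",
        Domains=entries,
    )
    return entries


def handler(event: Dict[str, Any], client: Any, firewall_domain_list_id: str) -> Dict[str, Any]:
    """Lambda-style entry point; the Resolver client is injected so it also runs offline."""
    domain = extract_domain(event)
    if domain is None:
        return {"action": "ignored", "reason": "not a DNS_REQUEST finding"}
    if not is_blockable(domain):
        return {"action": "skipped", "domain": domain, "reason": "allow-listed or malformed"}
    added = block_domain(client, firewall_domain_list_id, domain)
    return {"action": "blocked", "domain": domain, "added": added}


class RecordingResolverClient:
    """Offline stand-in for boto3.client('route53resolver'): records the calls it receives."""

    def __init__(self) -> None:
        self.calls: List[Dict[str, Any]] = []

    def update_firewall_domains(self, **kwargs: Any) -> Dict[str, str]:
        self.calls.append(kwargs)
        return {"Status": "UPDATING"}


# Constructed sample: the EventBridge envelope of a Backdoor:EC2/C&CActivity.B!DNS finding,
# trimmed to the fields the responder reads.
SAMPLE_EVENT: Dict[str, Any] = {
    "source": "aws.guardduty",
    "detail-type": "GuardDuty Finding",
    "detail": {
        "type": "Backdoor:EC2/C&CActivity.B!DNS",
        "severity": 8,
        "service": {
            "action": {
                "actionType": "DNS_REQUEST",
                "dnsRequestAction": {"domain": "c2.evil-example.test.", "protocol": "UDP", "blocked": False},
            }
        },
    },
}

if __name__ == "__main__":
    # In a deployed Lambda: client = boto3.client("route53resolver"); the list ID
    # ("rslvr-fdl-example" is a placeholder) comes from an environment variable.
    client = RecordingResolverClient()
    print(json.dumps(handler(SAMPLE_EVENT, client, "rslvr-fdl-example"), indent=2))
```

Wire the handler to an EventBridge rule that matches `source: aws.guardduty` and the DNS finding types you care about, and keep the domain list attached to a rule group whose BLOCK rule already covers your VPCs; the responder only maintains the list, it does not create the firewall association.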
🍛 Reddit threads on r/aws
- NAT gateways are too expensive — I was looking at my AWS bill and saw a line item called EC2-other which was about half of my bill. It was strange because I only have 1 free tier EC2 instance, and mainly use ECS spot instances for dev. I went through all the regions and couldn’t find any …
- New SSO and IAM integration: AWS SSO adding support for Customer Managed Policies and Permission Boundaries
- TIL the AWS Console UI is open source
- Changes to AWS CloudFormation-based stacks and resources are now available as event notifications in Amazon EventBridge.
📌 Newsletters
📌 Top Links from Security Folks
- How attackers use exposed Prometheus server to exploit Kubernetes clusters – Sysdig — Both the Kubernetes and Prometheus projects warn against exposing your data to the world, but exposed Prometheus servers are still widespread.
- Update detected · z0ph/MAMIP@8518b1c — [MAMIP] Monitor AWS Managed IAM Policies Changes.
- MITRE ATT&CK Matrix for Kubernetes: Tactics & Techniques Explained Part 1 — Learn about the first four threat vectors in Kubernetes: initial access, execution, persistence, and privilege escalation.
- Enforce AWS Instance Metadata Service v2 on your workspace — Learn how to migrate a workspace to AWS Instance Metadata Service v2 and then enforce it.
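For the IMDSv2 link above, here is the audit-and-enforce half of such a migration as an added example in Python (not code from the linked article): it walks a DescribeInstances response, flags every instance whose metadata endpoint still accepts token-less IMDSv1 calls (while not flagging instances that have IMDS disabled altogether), builds the ModifyInstanceMetadataOptions call that requires IMDSv2 with a hop limit of 1, and returns the IAM policy statement that prevents new IMDSv1 launches via the `ec2:MetadataHttpTokens` condition key. The sample DescribeInstances response and the recording client are constructed for the example; against a real account you would pass `boto3.client("ec2")` and page through `describe_instances`.

```python
"""Find EC2 instances that still answer IMDSv1 and enforce IMDSv2 on them
(added example, not code from the linked article)."""
import json
from typing import Any, Dict, List


def find_imdsv1_instances(describe_response: Dict[str, Any]) -> List[Dict[str, Any]]:
    """Return instances whose metadata endpoint accepts v1 calls (HttpTokens != 'required').
    Instances with the endpoint disabled are not flagged: no IMDS at all is stricter than v2."""
    weak = []
    for reservation in describe_response.get("Reservations", []):
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") == "disabled":
                continue
            if opts.get("HttpTokens") != "required":
                weak.append({
                    "InstanceId": inst["InstanceId"],
                    "HttpTokens": opts.get("HttpTokens", "unknown"),
                    "HttpPutResponseHopLimit": opts.get("HttpPutResponseHopLimit"),
                })
    return weak


def enforcement_params(instance_id: str, hop_limit: int = 1) -> Dict[str, Any]:
    """Arguments for ec2.modify_instance_metadata_options that require IMDSv2 tokens.
    Hop limit 1 stops the token (and any credential fetched with it) from being forwarded
    off the instance, e.g. into a container network; raise it only where containers must
    legitimately reach IMDS."""
    return {
        "InstanceId": instance_id,
        "HttpEndpoint": "enabled",
        "HttpTokens": "required",
        "HttpPutResponseHopLimit": hop_limit,
    }


def remediate(client: Any, describe_response: Dict[str, Any]) -> List[str]:
    """Switch every flagged instance to IMDSv2-only; returns the instance IDs modified."""
    fixed = []
    for inst in find_imdsv1_instances(describe_response):
        client.modify_instance_metadata_options(**enforcement_params(inst["InstanceId"]))
        fixed.append(inst["InstanceId"])
    return fixed


def deny_imdsv1_launch_policy() -> Dict[str, Any]:
    """Preventive control: an IAM policy / SCP statement that denies RunInstances unless the
    launch itself sets HttpTokens=required (condition key ec2:MetadataHttpTokens)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "RequireImdsV2AtLaunch",
            "Effect": "Deny",
            "Action": "ec2:RunInstances",
            "Resource": "arn:aws:ec2:*:*:instance/*",
            "Condition": {"StringNotEquals": {"ec2:MetadataHttpTokens": "required"}},
        }],
    }


class RecordingEc2Client:
    """Offline stand-in for boto3.client('ec2'): records the modify calls it receives."""

    def __init__(self) -> None:
        self.calls: List[Dict[str, Any]] = []

    def modify_instance_metadata_options(self, **kwargs: Any) -> Dict[str, Any]:
        self.calls.append(kwargs)
        return {"InstanceId": kwargs["InstanceId"]}


# Constructed sample in the shape of a DescribeInstances response (instance IDs are made up):
# one IMDSv1-capable instance, one already v2-only, one with IMDS disabled entirely.
SAMPLE_DESCRIBE: Dict[str, Any] = {
    "Reservations": [{
        "Instances": [
            {"InstanceId": "i-0aaa111111111111a",
             "MetadataOptions": {"State": "applied", "HttpTokens": "optional",
                                 "HttpEndpoint": "enabled", "HttpPutResponseHopLimit": 2}},
            {"InstanceId": "i-0bbb222222222222b",
             "MetadataOptions": {"State": "applied", "HttpTokens": "required",
                                 "HttpEndpoint": "enabled", "HttpPutResponseHopLimit": 1}},
            {"InstanceId": "i-0ccc333333333333c",
             "MetadataOptions": {"State": "applied", "HttpTokens": "optional",
                                 "HttpEndpoint": "disabled", "HttpPutResponseHopLimit": 1}},
        ]
    }]
}

if __name__ == "__main__":
    # Real run: client = boto3.client("ec2"); feed each page of describe_instances() in turn.
    client = RecordingEc2Client()
    print("IMDSv1-capable:", json.dumps(find_imdsv1_instances(SAMPLE_DESCRIBE), indent=2))
    print("modified:", remediate(client, SAMPLE_DESCRIBE))
    print(json.dumps(deny_imdsv1_launch_policy(), indent=2))
```

Run the audit first and only then the remediation: setting HttpTokens to `required` breaks any agent or SDK on the instance that still fetches metadata without a session token, so confirm the instance's tooling is IMDSv2-capable (CloudWatch's MetadataNoToken metric is the usual tell) before flipping it, and put the deny policy in place so the fleet does not regress with the next launch.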
📌 "AWS Security" on Google News
🧁 IAM permission changes
- vendor-insights: AWS service removed
- cloudformation: 3 updated actions, 1 updated condition — 3 updated actions: CreateStackInstances (conditions), TagResource (conditions), UntagResource (conditions); 1 updated condition: cloudformation:ResourceTypes (type)
- storagegateway: 2 updated actions — 2 updated actions: AssociateFileSystem (dependents), UpdateFileSystemAssociation (dependents)
🍪 API changes
- Amazon Athena - 1 new method — This feature allows customers to retrieve runtime statistics for completed queries.
- Amazon DocumentDB with MongoDB compatibility - 14 updated methods — Enable copy-on-write restore type
- Amazon Fraud Detector - 15 updated methods — The release introduces Account Takeover Insights (ATI) model. The ATI model detects fraud relating to account takeover. This release also adds support for new variable types: ARE_CREDENTIALS_VALID and SESSION_ID and adds new structures to Model Version APIs.
- AWS IoT SiteWise - 3 new methods — Added asynchronous API to ingest bulk historical and current data into IoT SiteWise.