Issue #81
Monday · August 31, 2022
🥗 AWS security blogs
- AWS achieves FedRAMP P-ATO for 20 services in the AWS US East/West Regions and AWS GovCloud (US) Regions — Amazon Web Services (AWS) is pleased to announce that 20 additional AWS services have achieved Provisional Authority to Operate (P-ATO) from the Federal Risk and Authorization Management Program (FedRAMP) Joint Authorization Board (JAB). The following are the 20 AWS services with FedRAMP authorization for the U.S. federal government and organizations …
- How to subscribe to the new Security Hub Announcements topic for Amazon SNS — With AWS Security Hub you are able to manage your security posture in AWS, perform security best practice checks, aggregate alerts, and automate remediation. Now you are able to use Amazon Simple Notification Service (Amazon SNS) to subscribe to the new Security Hub Announcements topic to receive updates about new …
- AWS announces migration plans for NIST 800-53 Revision 5 — Amazon Web Services (AWS) is excited to begin migration plans for National Institute of Standards and Technology (NIST) 800-53 Revision 5. The NIST 800-53 framework is a regulatory standard that defines the minimum baseline of security controls for U.S. federal information systems. In 2020, NIST released Revision 5 of the …
- How to deploy AWS Network Firewall by using AWS Firewall Manager — AWS Network Firewall helps make it easier for you to secure virtual networks at scale inside Amazon Web Services (AWS). Without having to worry about availability, scalability, or network performance, you can now deploy Network Firewall with the AWS Firewall Manager service. Firewall Manager allows administrators in your organization to …
🍛 Reddit threads on r/aws
- Hacked AWS Account is facing $200,000+ in charges after support ticket — After about a month of going back and forth with AWS support for my account, I am now being told I am liable for most of the total amount of the original bill of $213,000. I've been in contact with AWS support for 4 weeks, and now they are refusing …
- ECS Anywhere cluster running on a bunch of 2007 Intel Macbooks (link to it in the comments)
- We are members of AWS Premium Support, ask us anything — Post anything about how the support organization works, what it's like to work here, how we troubleshoot and handle cases, what you'd like to see change in support, or anything else that comes to mind. Post your questions below and we'll answer them in this thread live for 1 hour …
- CDK for Terraform (CDKTF) is now generally available
📌 Newsletters
📌 Top Links from Security Folks
- How to detect suspicious activity in your AWS account by using private decoy resources | Amazon Web Services — As customers mature their security posture on Amazon Web Services (AWS), they are adopting multiple ways to detect suspicious behavior and notify response teams or …
- GitHub - DataDog/threatest: Threatest is a Go framework for end-to-end testing threat detection rules.
- Software Engineer, AWS Security — Company Description: Block is one company built from many blocks, all united by the same purpose of economic empowerment. The blocks that form our foundational …
- Browser-Powered Desync Attacks: A New Frontier in HTTP Request Smuggling — The recent rise of HTTP Request Smuggling has seen a flood of critical findings enabling near-complete compromise of numerous major websites. However, the threat has …
🧁 IAM permission changes
- wafv2: 1 new resource | 3 updated actions — 1 new resource: userpool; 3 updated actions: AssociateWebACL (resources), DisassociateWebACL (resources), GetWebACLForResource (resources)
- sqlworkbench: 19 new actions, 1 new resource | 3 updated actions — 19 new actions: BatchGetNotebookCell (Grants permission to get notebook cells content on your account), CreateNotebook (Grants permission to create a new notebook on your account), CreateNotebookCell (Grants permission to create a notebook cell on your account), CreateNotebookFromVersion (Grants permission to create a new notebook from a notebook version on your …
- lexv2: 1 new action — 1 new action: StopBotRecommendation (Grants permission to stop a bot recommendation for an existing bot locale)
🍪 API changes
- AWS IoT Greengrass V2 - 1 updated methods — Adds topologyFilter to ListInstalledComponentsRequest which allows filtration of components by ROOT or ALL (including root and dependency components). Adds lastStatusChangeTimestamp to ListInstalledComponents response to show the last time a component changed state on a device.
- Amazon Lookout for Equipment - 9 new 4 updated methods — This release adds new APIs for providing labels.
- Amazon Macie 2 - 5 new 2 updated methods — This release of the Amazon Macie API adds support for using allow lists to define specific text and text patterns to ignore when inspecting data sources for sensitive data.
- Amazon Voice ID - 1 updated methods — Amazon Connect Voice ID now detects voice spoofing. When a prospective fraudster tries to spoof caller audio using audio playback or synthesized speech, Voice ID will return a risk score and outcome to indicate how likely it is that the voice is spoofed.