

Monday, October 3, 2022

Sponsor - Secure your Cloud Infrastructure with Teleport and AWS IAM

Join Teleport for the webinar on October 13th and learn about the challenges in securely delegating access to your AWS resources. Save your spot to find out:

  • How companies are currently managing their AWS infrastructure
  • Integrating Teleport Access Plane with AWS IAM
  • The top 5 advantages of using Teleport to access AWS resources

Register today for free

In a nutshell

Lately, I've released ten bare-minimum AWS Security alerts to bootstrap your AWS accounts' security with detection of the most common suspicious activities.

It's available as free open-source software.

AWS CodeDeploy - 3 updated methods
Sep 30
This release allows you to override the alarm configurations when creating a deployment.
Amazon DevOps Guru - 2 updated methods
Sep 30
This release adds a filter feature to the AddNotificationChannel API, enabling customers to configure the SNS notification messages by Severity or MessageTypes.
Amazon Data Lifecycle Manager - 3 updated methods
Sep 30
This release adds support for archival of single-volume snapshots created by Amazon Data Lifecycle Manager policies.
Amazon SageMaker Runtime - 1 updated method
Sep 30
A new parameter called ExplainerConfig is added to CreateEndpointConfig API to enable SageMaker Clarify online explainability feature.
Best practices for setting up Amazon Macie with AWS Organizations
Jonathan Nguyen · Sep 29
In this post, we’ll walk through the best practices to implement before you enable Amazon Macie across all of your AWS accounts within AWS Organizations. Amazon Macie is a data classification and data protection service that uses machine learning and pattern matching to help secure your critical data in AWS. …
How to automatically build forensic kernel modules for Amazon Linux EC2 instances
Jonathan Nguyen · Sep 26
In this blog post, we will walk you through the EC2 forensic module factory solution to deploy automation to build forensic kernel modules that are required for Amazon Elastic Compute Cloud (Amazon EC2) incident response automation. When an EC2 instance is suspected to have been compromised, it’s strongly recommended to …
ec2: 1 new action | 13 updated actions
Sep 30
1 new action: ModifyLocalGatewayRoute (Grants permission to modify a local gateway route); 13 updated actions: DescribeElasticGpus (access), DescribeFastLaunchImages (access), DescribeFastSnapshotRestores (access), DescribeFleets (conditions, resources), DescribeScheduledInstanceAvailability (access), DescribeScheduledInstances (access), DescribeTags (access), DescribeTransitGatewayPolicyTables (access), DescribeTransitGatewayRouteTableAnnouncements (access), DescribeVolumesModifications (access), DescribeVpnConnections (access), GetInstanceTypesFromInstanceRequirements (access), GetIpamPoolAllocations (access)
inspector2: 2 new actions
Sep 30
2 new actions: GetConfiguration (Grants permission to retrieve information about the Amazon Inspector configuration settings for an AWS account), UpdateConfiguration (Grants permission to update information about the Amazon Inspector configuration settings for an AWS account)
sts: 6 updated actions, 1 updated condition | 3 removed conditions
Sep 29
6 updated actions: AssumeRole (conditions), AssumeRoleWithSAML (conditions), AssumeRoleWithWebIdentity (conditions), GetFederationToken (conditions), TagSession (conditions), SetSourceIdentity (conditions); 1 updated condition: aws:TagKeys (type); 3 removed conditions: aws:FederatedProvider (Filters access by the IdP that was used to authenticate the user), aws:PrincipalTag/${TagKey} (Filters access by the tag associated with the principal that is making the …
Clint Gibler (@clintgibler)

🛠️ Nginxpwner

A simple tool to look for common Nginx misconfigurations and vulnerabilities,

By @stark0de1

#bugbounty #bugbountytips

github.com/stark0de/nginx…

99 · Sep 28 · 5:00 PM
Christophe (@christophetd)

Detecting exfiltration of EBS snapshots in AWS⬇️

When an attacker copies an EBS snapshot from your account to theirs, or creates an EBS volume from it, CloudTrail generates a SharedSnapshotCopyInitiated or SharedSnapshotVolumeCreated event.

58 · Sep 27 · 10:44 AM
Colm MacCárthaigh (@colmmacc)

Seattle voters, in 40 days time we'll have chosen our future voting system for City elections. Use your ballot and pick Ranked Choice Voting! It's the best option, we'll get positive coalition building and it will move us closer to even better elections. Thread time ...

20 · Sep 30 · 1:01 AM
Clint Gibler (@clintgibler)

🔎 PDF Examiner

Provides an overview of the inner file structure of a PDF and extracts /URI and /JS data

github.com/5f0ne/pdf-exam…

20 · Oct 01 · 1:00 AM
Christophe (@christophetd)

AWS: Go and enable IMDSv2 on your instances

Also AWS: ... but we won't make it a default, even for new accounts

Also AWS: ... it will also take 3 years until we support it in our own services

Quoting Scott Piper (@0xdabbad00):

Lightsail just got IMDSv2 support. I didn't realize it didn't have that already. lightsail.aws.amazon.com/ls/docs/en_us/… twitter.com/publiccloudbot…

9 · Sep 27 · 10:57 AM
Brigid Johnson (@bjohnso5y)

AWS Support now brings the greatness of IAM actions, helping you control access to manage your support plan. Best part?! You no longer need root for this. Say goodbye to another root use case. go.aws/3y9v2MO

5 · Oct 03 · 2:06 AM
Brigid Johnson (@bjohnso5y)

A good example of how AWS continues to raise the security bar for our customers📈 You probably do not depend on self assume role functionality, but now you need to make it explicit in the role trust policy. This makes controlling access to who can assume a role more clear.👀 A 🧵 twitter.com/AWSSecurityInf…

Quoting AWS Security (@AWSSecurityInfo):

Announcing an update to IAM role trust policy behavior: go.aws/3DFBS08

8 · Sep 28 · 2:43 AM
Kinnaird McQuade 💻☁️💥 (@kmcquade3)

Update: I realized one of my favorite tools already does GitHub Copilot for your terminal

Maybe it will make me not suck at Regex

Quoting Kinnaird McQuade 💻☁️💥 (@kmcquade3):

Open source idea: GitHub Copilot for your terminal

6 · Oct 02 · 9:59 AM
Scott Piper (@0xdabbad00)

Another bullet can be removed from the list of tasks that require the root user. docs.aws.amazon.com/accounts/lates…

Quoting What's New on AWS (Unoffical) (@awswhatsnew):

AWS announces updated Support Plans Console with new IAM controls

AWS Support continues to provide a mix of tools, technology, people, and programs to help you optimize performance, lower costs, and innovate faster. Today, the new AWS Support Plans... aws.amazon.com/about-aws/what…

6 · Sep 30 · 9:04 PM
Teri Radichel #cybersecurity #cloudsecurity (@TeriRadichel)

AWS Credentials in Boto3 and CLI Debug Output — and the AWS Console: ACM.68 Do you know where all your credentials and secrets are being output in logs, debug information, or in the AWS console?
~~~~~~~~~~~~~~~~~~~~~~~~
by Teri Radichel | Oct 2, 2022 medium.com/cloud-security…

5 · Oct 02 · 4:50 PM