SRE Weekly Issue #346 • [tl;dr sec] #157 - Transforming Security Champions, Production-ready Osquery • Amazon MemoryDB - 10 updated methods • Amazon SageMaker Service - 7 updated methods • AWS IoT SiteWise - 2 new 4 updated methods • AWS S3 Control - 2 updated methods • OpenSSL Security Advisories - November 2022 • How to use trust policies with IAM roles • Use Amazon Inspector to manage your build and deploy pipelines for containerized applications • See yourself in cyber: Highlights from Cybersecurity Awareness Month • How to control non-HTTP and non-HTTPS traffic to a DNS domain with AWS Network Firewall and AWS Lambda • redshift: 1 new action • route53-recovery-readiness: 1 updated condition • qldb: 1 new action • The OpenSSL punycode vulnerability (CVE-2022-3602): Overview, detection, exploitation, and remediation | Datadog Security Labs • r2c - CVE Analyst • I won’t be attending re:invent after all. 🙁 Nor have I done a good job of responding to DMs or following up on commitments for ages. I’ve been having an extremely bad time this year and I am checking into a psych hospital and changing meds. So hopefully 2023 will be better. • the speed with which he went from "legalize comedy" to "i will literally ban everyone that i think is making fun of me" is just outstanding • My colleagues have released a post and in-depth exploitation walk-through of the OpenSSL vulnerability: <a href="https://t.co/Idu6Lng003" target="_blank">securitylabs.datadoghq.com/articles/opens…</a> tldr • It was downgraded from critical to high • It's exploitable for DoS on Windows, probably not RCE • It's likely not exploitable on Linux at all • I have no idea if publishing this is a good idea. But I think it’s important to normalise bipolar disorder, even the ugly bits. I think my career will be okay and I hope that people won’t treat me differently from now on. • Every time I open this site • Dropped off my ballot today for my first vote in a US general election. Please do vote, it really matters! 🇺🇸 • Maybe we should leave our thoughts and hot takes in a file called .plan in our home directory? • 🗒️ awesome-cybersecurity-conferences A list of a number of security conferences around the world and a link to their videos and slides By <a href="https://twitter.com/Eliyahu_Tal_" target="_blank">@Eliyahu_Tal_</a> <a href="https://t.co/CyLYtBUKFG" target="_blank">github.com/TalEliyahu/awe…</a> • New on Hacking the Cloud - AWS Organizations Defaults: A short post on the default behavior of AWS Organizations and how compromising the management account can lead to the compromise of the entire organization. <a href="https://t.co/csNZ1be2Jw" target="_blank">hackingthe.cloud/aws/general-kn…</a> • 🗒️ <a href="https://twitter.com/owasp" target="_blank">@owasp</a> Software Component Verification Standard (SCVS) Overview by Chris Hughes on the 3 levels of maturity across 6 control categories * Inventory * SBOM * Build Environment * Package Management * Component Analysis * Pedigree and Provenance <a href="https://t.co/Caz7H0Vdwj" target="_blank">blog.aquia.us/blog/2022-09-2…</a> • Amazon AWS Certifications Courses Worth Thousands of Dollars are available FREE on Amazon Store. • Minor rant: NoSQL is not a drop-in replacement for SQL • Who's Going to Re:Invent • Amazon EC2 enables you to opt out of directly shared Amazon Machine Images • Deloitte and AWS partner for latest major entry into BaaS - Insider Intelligence • Credera Becomes AWS Security Competency Partner - PR Newswire