Release Date: 08/12/2024 | Issue: 267
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
The re:Invent edition
With re:Invent happening this past week, this CloudSecList issue will have a more extensive section showcasing the primary security-related announcements that came out of it.
Back to business as usual from next week!
Sponsor

Every company needs a plan for when things go wrong, including answers to some basic questions:
  • Who's on-call?
  • How do you know what qualifies as an incident?
  • What's your process for fixing it?
High-growth companies use incident.io, a Slack-enabled all-in-one incident management tool that helps you track and fix incidents in real time.
Book a demo!

This week's articles


The Day We Unveiled the Secret Rotation Illusion
The Clutch Security team conducted an experiment by intentionally leaking various API keys and credentials across multiple platforms to assess how quickly they could be exploited.   #attack   #saas


Securing CI/CD: Don't Use Long-Lived API Tokens, Use OpenID Connect Instead
Learn how to enhance your CI/CD security by replacing long-lived API tokens with OpenID Connect for safer, temporary authentication in automated workflows.   #build   #ci/cd


The New PKCE Authentication in AWS SSO Brings Hope (Mostly)
Post taking a closer look at the newly-released PKCE support for AWS SSO authentication flows.   #aws   #defend   #iam

Tools


tsdproxy
Tailscale Docker Proxy.


Falco Talon v0.2.0
Falco Talon 0.2.0 is a minor release that includes new actioners and outputs.


shell-exec-cloud-run
Execute a shell command within Cloud Run.


sftp-gcs
An implementation of an SFTP to Google Cloud Storage bridge.


RequestShield
A tool designed to analyze HTTP access logs and identify suspicious HTTP requests and potential security threats.

From the cloud providers


#AWS   Securely share AWS resources across VPC and account boundaries
You can now share AWS resources such as EC2 instances, ECS and EKS container services, and your own HTTPS services across VPC and AWS account boundaries, and use them to build event-driven apps via EventBridge and Step Functions.


#AWS   Simplify governance with declarative policies
Declarative policies are a new capability that helps you declare and enforce desired configuration for a given AWS Service at scale across your organization.


#AWS   New AWS Security Incident Response helps organizations respond to and recover from security events
AWS introduced a new service to streamline security event response, providing automated triage, coordinated communication, and expert guidance to recover from cybersecurity threats.


#AWS   Introducing default data integrity protections for new objects in Amazon S3
Amazon S3 updated the default behavior of object upload requests with new data integrity protections that build upon S3's existing durability posture.


#AWS   Introducing Amazon GuardDuty Extended Threat Detection: AI/ML attack sequence identification for enhanced cloud security
AWS extends GuardDuty with AI/ML capabilities to detect complex attack sequences across workloads, applications, and data, correlating multiple security signals over time for proactive cloud security.


#AWS   Use your on-premises infrastructure in Amazon EKS clusters with Amazon EKS Hybrid Nodes
A new feature that you can use to attach your on-premises and edge infrastructure as nodes to EKS clusters in the cloud.


#AWS   Introducing Amazon OpenSearch Service and Amazon Security Lake integration to simplify security analytics
Amazon OpenSearch Service now offers zero-ETL integration with Amazon Security Lake for efficient threat hunting and investigations.


#AWS   AWS Verified Access now supports secure access to resources over non-HTTP(S) protocols (in preview)
AWS Verified Access extends its secure, VPN-less access capabilities to non-HTTP(S) applications and resources, enabling zero trust access to corporate resources over protocols such as SSH and RDP.


#AWS   Connect users to data through your apps with Storage Browser for Amazon S3
Storage Browser for Amazon S3 is an open source interface component that you can add to your web applications to provide your authorized end users, such as customers, partners, and employees, with access to easily browse, upload, download, copy, and delete data in S3.


#AWS   AWS Clean Rooms now supports multiple clouds and data sources
With expanded data sources, AWS Clean Rooms helps customers securely collaborate with their partners' data across clouds, eliminating data movement, safeguarding sensitive information, promoting data freshness, and streamlining cross-company insights.


#AWS   New Amazon S3 Tables: Storage optimized for analytics workloads
Amazon S3 Tables optimize tabular data storage (like transactions and sensor readings) in Apache Iceberg, enabling high-performance, low-cost queries using Athena, EMR, and Spark.


#AWS   Introducing queryable object metadata for Amazon S3 buckets (preview)
Automatic generation of metadata that is captured when S3 objects are added or modified, and stored in fully managed Apache Iceberg tables.


#AWS   Announcing AWS Transfer Family web apps for fully managed Amazon S3 file transfers
AWS Transfer Family web apps are a new resource that you can use to create a simple interface for authorized line-of-business users to access data in Amazon S3 through a customizable web browser.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues!

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini