This week TLDR i.e. 1 minute version (For executives):
Amazon Inspector enhances the security engine for container images scanning.
AWS CloudTrail network activity events for VPC endpoints now generally available.
Trending in Cloud & Cyber Security:
AWS Security Blogs & Bulletins:
General security blogs, articles, reports & trending news/advisories:
whoAMI: A cloud image name confusion attack by Seth Art. Link.
Uncovering a Hidden CloudTrail Bug by Tracing AWS AssumeRole Chains in a Graph Database by Or Aspir. Link.
Tool: Cloud Trail Discover cheat sheet. Link.
Find Hidden AWS Resources With Effective Wordlists by Daniel Grzelak. Link.
Chinese Entanglement | DLL Hijacking in the Asian Gambling Sector by Aleksandar Milenkoski. Link.
North Korean Threat Actors Observed Exploiting Trusted Platforms for Targeted Attacks by Den Iuzvyk, Tim Peck. Link.
New Phishing Campaign Abuses Webflow, SEO, and Fake CAPTCHAs by Jan Michael Alcantara. Link.
CyberArk snaps up Zilla Security for up to $175M. Link.
Storm-2372 conducts device code phishing campaign by Microsoft Threat Intelligence. Link.
Oh, Auth 2.0! Device Code Phishing in Google Cloud and Azure by Matt Kiely. Link.
This week Long i.e. 3-5 minutes version (For architects & engineers):
Amazon Inspector has upgraded the engine that powers container image scanning for Amazon Elastic Container Registry (ECR), which now offers a more comprehensive view of vulnerabilities in third-party dependencies within container images. Note: The new engine reassesses all existing resources, so you may notice some findings being closed while new vulnerabilities are identified based on the updated dependency collection. Link.
AWS announced general availability of network activity events for Amazon Virtual Private Cloud (Amazon VPC) endpoints in AWS CloudTrail, which lets you log and monitor AWS API activity passing through your VPC endpoints. Previously, although VPC endpoint policies could restrict access from external accounts, there was no built-in way to log the denied actions or to identify when external credentials were used at a VPC endpoint. Link. For example, this is my config:
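The newsletter's own config is not reproduced on this page, so here is an added example (mine, not the author's or AWS's) covering both halves of the announcement: building the CloudTrail advanced event selectors that turn on network activity events for a set of services, and triaging the resulting records for the two things the old setup could not show, endpoint-policy denials (errorCode VpceAccessDenied) and calls made with credentials from an account you do not trust. The event sources listed are an assumption to be checked against AWS's current list of supported services; the sample records are constructed, with field names following the documented network activity event schema and every value invented.

```python
"""Added example: configure and triage CloudTrail network activity events
for VPC endpoints. Not code from the newsletter or from AWS."""
import json

# Assumption: event sources to cover. Verify against the AWS documentation's
# list of services that emit network activity events before using this.
DEFAULT_EVENT_SOURCES = ("ec2.amazonaws.com", "s3.amazonaws.com",
                         "kms.amazonaws.com", "secretsmanager.amazonaws.com")


def build_network_activity_selectors(event_sources=DEFAULT_EVENT_SOURCES,
                                     denied_only=False):
    """Return a list of advanced event selectors, one per event source, in the
    shape expected by
      aws cloudtrail put-event-selectors --advanced-event-selectors file://sel.json
    With denied_only=True only records rejected by the endpoint policy are
    logged, which keeps volume down on busy S3/EC2 endpoints."""
    selectors = []
    for source in event_sources:
        field_selectors = [
            {"Field": "eventCategory", "Equals": ["NetworkActivity"]},
            {"Field": "eventSource", "Equals": [source]},
        ]
        if denied_only:
            field_selectors.append(
                {"Field": "errorCode", "Equals": ["VpceAccessDenied"]})
        selectors.append({"Name": f"NetworkActivity-{source}",
                          "FieldSelectors": field_selectors})
    return selectors


# Constructed sample records (not real CloudTrail output); values are invented.
SAMPLE_EVENTS = [
    {   # in-account caller, allowed by the endpoint policy: nothing to flag
        "eventCategory": "NetworkActivity", "eventSource": "s3.amazonaws.com",
        "eventName": "GetObject",
        "userIdentity": {"type": "AssumedRole", "accountId": "111111111111"},
        "vpcEndpointId": "vpce-0a1b2c3d4e5f60718",
        "vpcEndpointAccountId": "111111111111",
        "recipientAccountId": "111111111111",
    },
    {   # external credentials, blocked by the endpoint policy (probing)
        "eventCategory": "NetworkActivity", "eventSource": "s3.amazonaws.com",
        "eventName": "ListBuckets",
        "userIdentity": {"type": "IAMUser", "accountId": "999999999999"},
        "vpcEndpointId": "vpce-0a1b2c3d4e5f60718",
        "vpcEndpointAccountId": "111111111111",
        "errorCode": "VpceAccessDenied",
    },
    {   # external credentials allowed through: possible exfiltration path
        "eventCategory": "NetworkActivity", "eventSource": "s3.amazonaws.com",
        "eventName": "PutObject",
        "userIdentity": {"type": "AssumedRole", "accountId": "999999999999"},
        "vpcEndpointId": "vpce-0a1b2c3d4e5f60718",
        "vpcEndpointAccountId": "111111111111",
    },
    {   # ordinary management event, not a network activity record
        "eventCategory": "Management", "eventSource": "ec2.amazonaws.com",
        "eventName": "DescribeInstances",
        "userIdentity": {"type": "AssumedRole", "accountId": "111111111111"},
    },
]


def triage_network_activity(events, trusted_accounts):
    """Flag network activity records that were denied by the endpoint policy
    or that carry credentials from an account outside trusted_accounts.
    Untrusted credentials that got through rank higher than denied attempts,
    since a denial means the endpoint policy did its job."""
    findings = []
    for ev in events:
        if ev.get("eventCategory") != "NetworkActivity":
            continue
        caller = ev.get("userIdentity", {}).get("accountId")
        reasons = []
        if ev.get("errorCode") == "VpceAccessDenied":
            reasons.append("denied by endpoint policy")
        if caller not in trusted_accounts:
            reasons.append("credentials from untrusted account")
        if not reasons:
            continue
        allowed_external = ("credentials from untrusted account" in reasons
                            and "denied by endpoint policy" not in reasons)
        findings.append({
            "vpcEndpointId": ev.get("vpcEndpointId"),
            "eventSource": ev.get("eventSource"),
            "eventName": ev.get("eventName"),
            "callerAccount": caller,
            "severity": "high" if allowed_external else "medium",
            "reasons": reasons,
        })
    return findings


if __name__ == "__main__":
    print(json.dumps(build_network_activity_selectors(), indent=2))
    for finding in triage_network_activity(SAMPLE_EVENTS, {"111111111111"}):
        print(json.dumps(finding))
```

Feeding the selector JSON to put-event-selectors is the part you run once; the triage function is the shape of the rule you would run continuously over the trail's delivery bucket or an EventBridge stream. An "allowed external" finding is the one worth paging on, because it means the endpoint policy is wider than you thought or a credential from another account is being used inside your VPC.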