AWS Security Digest

@AwsSecDigest

📥 Stay Up-to-Date on the latest AWS Security News with our Weekly Digest.

CloudFront Prefix List Bypass
🔍 Federico Lucini

Federico Lucini breaks down a subtle but impactful misconfiguration scenario affecting AWS CloudFront that can silently weaken your network perimeter controls. His research revisits CDN-based allowlisting and shows how trusting…

Journey for Writing a Second Edition of My Book: Cloud Security Handbook
✍️ Eyal Estrin

Writing a technical book isn’t just about content—it’s about staying relevant in a fast-moving ecosystem. Eyal Estrin walks through what it really takes to update a cloud security book in…

Using the AWS CLI and Securing CloudShell
✍️ Rich Mogull

If you're using AWS CloudShell, are you sure it's secure?

Rich Mogull breaks down the often-overlooked security nuances of AWS CloudShell—AWS's browser-based command-line environment—and how to harden it for real-world…

Cloudy with a Chance of Hijacking: Forgotten DNS Records Enable Scam Actor

By Jacques Portal & Renée Burton

Over 1,000 hijacked subdomains. One persistent threat actor. Zero alerts from the original owners.

Jacques Portal and Renée Burton uncover how a malicious campaign…

🛎️ AWS Security Digest 234 is out! 1️⃣ The Silent Attackers: Exploiting VPC Endpoints to Expose AWS Accounts of S3 Buckets Without a Trace by Maya Parizer 2️⃣ Bedrock'n'role: Annoying trust relationships in Bedrock service roles by Daniel Grzelak 3️⃣ Datadog threat roundup: Top…


Cloud Pentesting or Just Scanning? Let’s Talk.
✍️ Sena Yakut

Is your “cloud pentest” really just a glorified vulnerability scan? Sena Yakut breaks down the critical difference between manual cloud penetration testing and automated scanners—and why it matters.

🔍 Scanners can…

Building Uber’s Multi-Cloud Secrets Management Platform to Enhance Security
By: Matt Mathew, Ludi Li, Chen Xi, Yiting Fan

Managing secrets across AWS, GCP, and on-prem is no small feat—Uber’s Security Engineering team shares how they tackled it by building a scalable,…

Tales from the Cloud Trenches: The Attacker doth persist too much, methinks
By Martin McCloskey

How do you respond when an attacker just won’t go away?

This detailed incident analysis from Datadog Security Labs exposes a persistent threat actor who repeatedly regained access to…

China-Nexus APTs Exploit SAP Flaw to Target Critical Infrastructure

By Arda Büyükkaya

Chinese nation-state actors are actively exploiting a newly disclosed SAP NetWeaver vulnerability (CVE-2025-31324) to infiltrate high-value critical infrastructure networks—and they’re using…

🧞 CloudTrail wish: almost granted
By Aidan Steele

You asked AWS for more control over CloudTrail visibility. They delivered—almost.

Aidan Steele dives into the newly introduced includeManagementEvents filter for CloudTrail Lake—and why it’s a big step, but not the complete fix…

🛎️ AWS Security Digest 233 is out! 1️⃣ My AWS Account Got Hacked - Here Is What Happened by Zvi Wexlstein 2️⃣ ECS on EC2: Covering Gaps in IMDS Hardening by Latacora 3️⃣ Querying Terraform state with AWS Athena by Aidan Steele awssecuritydigest.com/past-issues/aw…


🛡️ Cloud Incident Readiness: Critical Infrastructure for Cloud Incident Response

By Invictus Incident Response

Is your cloud environment actually ready for incident response—or just hoping for the best?

This article breaks down the often-overlooked foundational steps that…

🎯 Amazon S3 Bucket Name Squatting
By Costas Kourmpoglou

What happens when AWS customers delete S3 buckets without considering name reuse? Costas Kourmpoglou dives into S3 bucket name squatting—a subtle but potent threat vector that can lead to data leaks, broken apps, and even…

🔒 EKS vs. GKE — Security
By Jason Umiker

How do Amazon EKS and Google GKE really compare on security? Jason Umiker offers a no-nonsense, side-by-side breakdown of key security features, gaps, and usability tradeoffs between the two managed Kubernetes platforms.

📌 Highlights…

🔐 PEP and PDP for Secure Authorization with AVP and ABAC

By Jimmy Dahlqvist

How do you securely manage fine-grained access control in modern cloud-native systems? Jimmy Dahlqvist breaks down how to implement robust authorization using Policy Enforcement Points (PEP) and Policy…

🔍 What Analyzing Hundreds of Thousands of Cloud Environments Taught Us About Data Exposure
By Wiz Research Team

Wiz analyzed over 200,000 cloud environments—and the findings are eye-opening. The team reveals just how often sensitive data is left exposed and how attackers can…

🛎️ AWS Security Digest 232 is out! 1️⃣ Ransomware protection with immutable AWS Backup - it's complicated ... by Paul Schwarzenberger & Kurtis Mash 2️⃣ Mistrusted Advisor: When AWS Tooling Leaves Public S3 Buckets Undetected by Jason Kao 3️⃣ Sweet Deception: Mastering AWS Honey…


🕵️ Shadow Roles: AWS Defaults Can Open the Door to Service Takeover
By Yakir Kadkoda & Ofek Itach

What happens when default IAM configurations collide with poorly scoped service roles? You get “Shadow Roles”—a subtle but dangerous path to AWS service takeover.

This AquaSec deep…

🚨 TrailAlerts: Take Control of Cloud Detection in AWS
By Adan Álvarez Vilchez

Tired of noisy, expensive threat detection tools that miss the real alerts? TrailAlerts is a lean, effective alternative built on native AWS services like CloudTrail, EventBridge, and Lambda—giving…

🛠️ AWS Built a Security Tool. It Introduced a Security Risk.
By Eliav Livneh

Security tooling isn’t always secure by design. Eliav Livneh unpacks how AWS’s new “Trusted Access” feature—meant to simplify delegated access—can inadvertently open the door to privilege escalation if…
