🔶 AWS Launches Improvements for Key Quarantine Policy
AWS made improvements to the AWSCompromisedKeyQuarantine policies in order to protect potentially compromised accounts. The changes were based on threat intelligence gathered from attacks being seen in the wild.
https://sysdig.com/blog/aws-launches-improvements-for-key-quarantine-policy/
(Use VPN to open from Russia)
#aws
🔶 Improve security incident response times by using AWS Service Catalog to decentralize security notifications
A decentralized approach to security notifications, using a self-service mechanism powered by AWS Service Catalog to enhance response times.
https://aws.amazon.com/ru/blogs/security/improve-security-incident-response-times-by-using-aws-service-catalog-to-decentralize-security-notifications/
(Use VPN to open from Russia)
#aws
🙏 Hi, guys! We would like to ask you: in what language do you prefer to read our posts? Please vote
Anonymous Poll
32%
63%
4%
A post discussing the typical attack chain used in campaigns misusing file hosting services and detailing the recently observed tactics, techniques, and procedures (TTPs), including the increasing use of certain defense evasion tactics.
https://www.microsoft.com/en-us/security/blog/2024/10/08/file-hosting-services-misused-for-identity-phishing/
#azure
🔶 Granted now mitigates device auth phishing in AWS IAM Identity Center
A new browser extension for Granted which makes authenticating to AWS IAM Identity Center faster and more secure.
https://www.commonfate.io/blog/granted-mitigates-aws-phishing
#aws
🔶 Turning AWS Documentation into Gold: AI-Assisted Security Research
This article goes over how to use embeddings in AWS Bedrock, scraping AWS documentation, leveraging ripgrep for fast searches on local disk, and some interesting security research along the way.
https://www.securityrunners.io/post/ai-assisted-security-research
#aws
🔶 Breaching the Data Perimeter: CloudTrail as a mechanism for Data Exfiltration
A - now fixed - AWS vulnerability that would have enabled potentially undetectable data exfiltration from even the most locked down of AWS accounts by leveraging the audit trail itself to stealthily leak data.
https://tracebit.com/blog/breaching-the-data-perimeter-cloudtrail-as-a-mechanism-for-data-exfiltration
#aws
🔶 CloudShell slip-up: command-line access to underlying AWS infrastructure
Incident Overview: During a cloud security training session, a delegate encountered an unexpected AWS account identity while using CloudShell.
https://medium.com/@paulschwarzenberger/cloudshell-slip-up-command-line-access-to-underlying-aws-infrastructure-ae77a0858088
#aws
🔶 Perfecting Ransomware on AWS - Using "keys to the kingdom" to change the locks
This article discusses the shift from traditional data dumping in compromised AWS accounts to utilizing AWS KMS features for ransomware attacks.
https://medium.com/@harsh8v/redefining-ransomware-attacks-on-aws-using-aws-kms-xks-dea668633802
#aws
🔶 Security Logging in Cloud Environments - AWS
The author has refreshed this article, which covers how to design a state-of-the-art multi-account security logging platform in AWS: removed stale links and legacy advice on MFA delete, added API Gateway access logs, and added a "Tracking Misconfigurations" section.
https://blog.marcolancini.it/2021/blog-security-logging-cloud-environments-aws/
#aws
🔶 AWS IAM Policy Condition Operators Explained
There are 27 basic condition operators you can use in an AWS IAM policy. Then you can add "ForAllValues" or "ForAnyValue" to the beginning and "IfExists" to the end of almost all of them.
https://iam.cloudcopilot.io/resources/operators
#aws
🔶 How to build a Security Guardians program to distribute security ownership
Post outlining the steps to follow to build your own Security Guardians program for your organization.
https://aws.amazon.com/ru/blogs/security/how-to-build-your-own-security-guardians-program/
(Use VPN to open from Russia)
#aws
🔶 How to use interface VPC endpoints to meet your security objectives
Four security objectives that VPC endpoints help you achieve.
https://aws.amazon.com/ru/blogs/security/how-to-use-interface-vpc-endpoints-to-meet-your-security-objectives/
(Use VPN to open from Russia)
#aws
🔶 How to use the Amazon Detective API to investigate GuardDuty security findings and enrich data in Security Hub
How to integrate Amazon Detective with AWS Security Hub, giving you better visibility into threat indicators and investigative data directly from Security Hub, which provides you with a centralized view of your overall security posture across your AWS accounts.
https://aws.amazon.com/ru/blogs/security/how-to-use-the-amazon-detective-api-to-investigate-guardduty-security-findings-and-enrich-data-in-security-hub/
(Use VPN to open from Russia)
#aws
🔶 AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover
The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover.
https://www.aquasec.com/blog/aws-cdk-risk-exploiting-a-missing-s3-bucket-allowed-account-takeover/
#aws
🔴 Exploring Google Cloud Default Service Accounts: Deep Dive and Real-World Adoption Trends
This post offers a deep dive into Google Cloud's default service accounts, explaining their functionality, risks, and real-world adoption trends.
https://securitylabs.datadoghq.com/articles/google-cloud-default-service-accounts/
#gcp
🔶 Breaking free from the chains of fate - Bypassing AWSCompromisedKeyQuarantineV2 Policy
The article explores how threat actors manage to work around the limitations of the quarantine policy (AWSCompromisedKeyQuarantineV2) that is applied to identities whose credentials are leaked.
https://permiso.io/blog/introducing-detention-dodger
#aws
🔶 EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files
This campaign used multiple private tools that abused multiple misconfigured web services, allowing attackers to steal credentials, clone private repositories, and extract cloud credentials from their source code. Credentials for over 10,000 private repositories were collected during the operation.
https://sysdig.com/blog/emeraldwhale/
(Use VPN to open from Russia)
#aws
🔶 I bought us-east-1.com: A Look at Security, DNS Traffic, and Protecting AWS Users
When people think about the term «us-east-1», they often think of AWS's very data center region that powers countless businesses worldwide. But what if someone registered the us-east-1.com domain?
https://dev.to/aws-builders/i-bought-us-east-1com-a-look-at-security-dns-traffic-and-protecting-aws-users-15ng
#aws
🔶 Building an AppRunner on EC2 with Cloudflare Zero Trust Access
How to automate the deployment of a private AppRunner instance on AWS that hosts multiple internal apps securely behind Cloudflare's zero-trust access controls.
https://blog.marcolancini.it/2024/blog-building-apprunner-ec2-cloudflare-zero-trust-access/
#aws
🔶 How Attackers Can Abuse IAM Roles Anywhere for Persistent AWS Access
The process involves using API actions like CreateTrustAnchor and CreateProfile to facilitate the exploitation.
https://medium.com/@adan.alvarez/how-attackers-can-abuse-iam-roles-anywhere-for-persistent-aws-access-b3ced6935dca
(Use VPN to open from Russia)
#aws