🔶 How to use AWS Resource Control Policies
Another article, this time from Wiz, looking at the newly introduced RCPs.
https://www.wiz.io/blog/how-to-use-aws-resource-control-policies
#aws
Another article, this time from Wiz, looking at the newly introduced RCPs.
https://www.wiz.io/blog/how-to-use-aws-resource-control-policies
#aws
👍2❤1🔥1
🔶 Hands-On Security Tips For Centralize Root Access In AWS
AWS has recently introduced a centralized root access management feature for AWS Organizations. This blog covers why this is important, how it changes root access management, and tips for how to handle this new feature.
https://medium.com/@oraspir/hands-on-security-tips-for-centralize-root-access-in-aws-assumeroot-5d315de423cd
#aws
AWS has recently introduced a centralized root access management feature for AWS Organizations. This blog covers why this is important, how it changes root access management, and tips for how to handle this new feature.
https://medium.com/@oraspir/hands-on-security-tips-for-centralize-root-access-in-aws-assumeroot-5d315de423cd
#aws
👍2❤1🔥1
🔶 Secure root user access for member accounts in AWS Organizations
How you can centrally manage root credentials and perform tasks that previously required root credentials across member accounts in your organization.
https://aws.amazon.com/ru/blogs/security/secure-root-user-access-for-member-accounts-in-aws-organizations/
#aws
How you can centrally manage root credentials and perform tasks that previously required root credentials across member accounts in your organization.
https://aws.amazon.com/ru/blogs/security/secure-root-user-access-for-member-accounts-in-aws-organizations/
#aws
👍2❤1🔥1
🔶 The New PKCE Authentication in AWS SSO Brings Hope (Mostly)
Post taking a closer look at the newly-released PKCE support for AWS SSO authentication flows.
https://blog.christophetd.fr/pkce-aws-sso/
#aws
Post taking a closer look at the newly-released PKCE support for AWS SSO authentication flows.
https://blog.christophetd.fr/pkce-aws-sso/
#aws
👍2❤1🔥1
🔶 New AWS Security Incident Response helps organizations respond to and recover from security events
AWS introduced a new service to streamline security event response, providing automated triage, coordinated communication, and expert guidance to recover from cybersecurity threats.
https://aws.amazon.com/ru/blogs/aws/new-aws-security-incident-response-helps-organizations-respond-to-and-recover-from-security-events/
(Use VPN to open from Russia)
#aws
AWS introduced a new service to streamline security event response, providing automated triage, coordinated communication, and expert guidance to recover from cybersecurity threats.
https://aws.amazon.com/ru/blogs/aws/new-aws-security-incident-response-helps-organizations-respond-to-and-recover-from-security-events/
(Use VPN to open from Russia)
#aws
👍2❤1🔥1
🔶 Introducing Amazon GuardDuty Extended Threat Detection: AI/ML attack sequence identification for enhanced cloud security
AWS extends GuardDuty with AI/ML capabilities to detect complex attack sequences across workloads, applications, and data, correlating multiple security signals over time for proactive cloud security.
https://aws.amazon.com/ru/blogs/aws/introducing-amazon-guardduty-extended-threat-detection-aiml-attack-sequence-identification-for-enhanced-cloud-security/
(Use VPN to open from Russia)
#aws
AWS extends GuardDuty with AI/ML capabilities to detect complex attack sequences across workloads, applications, and data, correlating multiple security signals over time for proactive cloud security.
https://aws.amazon.com/ru/blogs/aws/introducing-amazon-guardduty-extended-threat-detection-aiml-attack-sequence-identification-for-enhanced-cloud-security/
(Use VPN to open from Russia)
#aws
👍2🔥2❤1
🔴 sftp-gcs
An implementation of an SFTP to Google Cloud Storage bridge.
https://github.com/kolban-google/sftp-gcs
#gcp
An implementation of an SFTP to Google Cloud Storage bridge.
https://github.com/kolban-google/sftp-gcs
#gcp
👍2❤1🔥1
🔶 AWS Clean Rooms now supports multiple clouds and data sources
With expanded data sources, AWS Clean Rooms helps customers securely collaborate with their partners' data across clouds, eliminating data movement, safeguarding sensitive information, promoting data freshness, and streamlining cross-company insights.
https://aws.amazon.com/ru/blogs/aws/aws-clean-rooms-now-supports-multiple-clouds-and-data-sources/
(Use VPN to open from Russia)
#aws
With expanded data sources, AWS Clean Rooms helps customers securely collaborate with their partners' data across clouds, eliminating data movement, safeguarding sensitive information, promoting data freshness, and streamlining cross-company insights.
https://aws.amazon.com/ru/blogs/aws/aws-clean-rooms-now-supports-multiple-clouds-and-data-sources/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶🔷🔴 How Adversaries Abuse Serverless Services to Harvest Sensitive Data from Environment Variables
How threat actors can exploit sensitive data stored in serverless environment variables in AWS, Azure, GCP and Kubernetes, and the use of cloud-offensive tools for this purpose.
https://permiso.io/blog/how-adversaries-abuse-serverless-services-to-harvest-sensitive-data-from-environment-variables
#aws #azure #gcp
How threat actors can exploit sensitive data stored in serverless environment variables in AWS, Azure, GCP and Kubernetes, and the use of cloud-offensive tools for this purpose.
https://permiso.io/blog/how-adversaries-abuse-serverless-services-to-harvest-sensitive-data-from-environment-variables
#aws #azure #gcp
🔥2❤1👍1
🔶 Exploring AWS STS AssumeRoot
A post from the Elastic team exploring AWS STS AssumeRoot, its risks, detection strategies, and practical scenarios to secure against privilege escalation and account compromise.
https://www.elastic.co/security-labs/exploring-aws-sts-assumeroot
#aws
A post from the Elastic team exploring AWS STS AssumeRoot, its risks, detection strategies, and practical scenarios to secure against privilege escalation and account compromise.
https://www.elastic.co/security-labs/exploring-aws-sts-assumeroot
#aws
❤1👍1🔥1
Microsoft Azure allows Windows Virtual Machines to join an Entra tenant that differs from the hosting tenant, using an Azure AD VM Extension for domain joining.
https://akingscote.co.uk/posts/microsoft-azure-cross-tenant-vm-domain-join/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
👍2❤1🔥1
This article discusses log poisoning attacks against Microsoft Sentinel, explaining how attackers can manipulate logs to evade detection. It covers attack techniques, potential impacts, and mitigation strategies for defenders to protect their SIEM environments.
https://akingscote.co.uk/posts/microsoft-sentinel-log-poisoning/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
🔥2❤1👍1
🔶 Tales from the cloud trenches: Unwanted visitor
A cloud attack targeting Amazon SES, persistence, and a malicious AWS account ID.
https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-unwanted-visitor/
#aws
A cloud attack targeting Amazon SES, persistence, and a malicious AWS account ID.
https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-unwanted-visitor/
#aws
👍2❤1🔥1
🔴 Locking down Cloud Run: Inside Commerzbank's adoption of Custom Org Policies
Commerzbank has adopted Google Cloud's Custom Org Policies to enhance security for its Cloud Run environments, addressing the critical need for robust security in financial services.
https://cloud.google.com/blog/topics/financial-services/commerzbank-cloud-run-custom-org-policies/
#gcp
Commerzbank has adopted Google Cloud's Custom Org Policies to enhance security for its Cloud Run environments, addressing the critical need for robust security in financial services.
https://cloud.google.com/blog/topics/financial-services/commerzbank-cloud-run-custom-org-policies/
#gcp
👍2❤1🔥1
🔶 A practical guide to getting started with policy as code
Post detailing the concepts, processes, and steps to get started with policy as code (PaC) and adopt this into your software development lifecycle.
https://aws.amazon.com/ru/blogs/infrastructure-and-automation/a-practical-guide-to-getting-started-with-policy-as-code/
(Use VPN to open from Russia)
#aws
Post detailing the concepts, processes, and steps to get started with policy as code (PaC) and adopt this into your software development lifecycle.
https://aws.amazon.com/ru/blogs/infrastructure-and-automation/a-practical-guide-to-getting-started-with-policy-as-code/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 AWS Network Firewall Geographic IP Filtering launch
Geographic IP Filtering is a new feature of Network Firewall that you can use to filter traffic based on geographic location and meet compliance requirements.
https://aws.amazon.com/ru/blogs/security/aws-network-firewall-geographic-ip-filtering-launch/
(Use VPN to open from Russia)
#aws
Geographic IP Filtering is a new feature of Network Firewall that you can use to filter traffic based on geographic location and meet compliance requirements.
https://aws.amazon.com/ru/blogs/security/aws-network-firewall-geographic-ip-filtering-launch/
(Use VPN to open from Russia)
#aws
❤2👍2🔥1
🔴 Improve your security posture with expanded Custom Org Policy
Administrators can use custom organization policies to set granular resource configurations in order to enhance security posture, address regulatory requirements, and increase operational efficiencies, all without impacting development velocity.
https://cloud.google.com/blog/products/identity-security/announcing-expanded-custom-org-policy-portfolio-of-supported-products/
#gcp
Administrators can use custom organization policies to set granular resource configurations in order to enhance security posture, address regulatory requirements, and increase operational efficiencies, all without impacting development velocity.
https://cloud.google.com/blog/products/identity-security/announcing-expanded-custom-org-policy-portfolio-of-supported-products/
#gcp
❤1👍1🔥1
🔶 A small digest of AWS news:
1️⃣ AWS Control Tower launches managed controls using declarative policies
These policies are a set of new optional controls that help you consistently enforce the desired configuration for a service.
2️⃣ AWS Config now supports a service-linked recorder
AWS Config added support for a service-linked recorder, a new type of AWS Config recorder that is managed by an AWS service and can record configuration data on service-specific resources, such as the new Amazon CloudWatch telemetry configurations audit.
(Use VPN to open from Russia)
#aws
1️⃣ AWS Control Tower launches managed controls using declarative policies
These policies are a set of new optional controls that help you consistently enforce the desired configuration for a service.
2️⃣ AWS Config now supports a service-linked recorder
AWS Config added support for a service-linked recorder, a new type of AWS Config recorder that is managed by an AWS service and can record configuration data on service-specific resources, such as the new Amazon CloudWatch telemetry configurations audit.
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🙂 Dear friends,
this year we have already become more than 2000 people. And this is very cool.
Only thanks to you we will make even cooler content. Thank you very much.
🎉 Happy New Year 2025! We wish you success in your personal life and career. Let's make the new year much better than 2024 together!
#HappyNewYear
this year we have already become more than 2000 people. And this is very cool.
Only thanks to you we will make even cooler content. Thank you very much.
🎉 Happy New Year 2025! We wish you success in your personal life and career. Let's make the new year much better than 2024 together!
#HappyNewYear
👍4❤1🔥1
🔶 hidden-services-revealer
A tool to map hidden services in AWS. It does this by following the triggered events of a user's actions.
https://github.com/tenable/hidden-services-revealer
#aws
A tool to map hidden services in AWS. It does this by following the triggered events of a user's actions.
https://github.com/tenable/hidden-services-revealer
#aws
❤1👍1🔥1
🔶🔴 cloudranger
Go library for mapping IP address ranges to cloud provider regions (currently: AWS and GCP).
https://github.com/planetscale/cloudranger
#aws #gcp
Go library for mapping IP address ranges to cloud provider regions (currently: AWS and GCP).
https://github.com/planetscale/cloudranger
#aws #gcp
👍2❤1🔥1