🔶 CopyObjection: Fending off ransomware in AWS
In a compromised AWS environment, adversaries can copy S3 objects, encrypt them, and prevent the victim from recovering the encryption keys.
https://redcanary.com/blog/incident-response/aws-ransomware/
#aws
🔶 RogueOIDC: AWS Persistence and Evasion through attacker-controlled OIDC Identity Provider
This research shows what an attacker can achieve after creating a malicious OIDC identity provider in AWS and how they can do it. The article presents novel techniques and tools for persistence and evasion.
https://www.offensai.com/blog/rogueoidc-aws-persistence-and-evasion-through-attacker-controlled-oidc-identity-provider
(Use VPN to open from Russia)
#aws
🔶 How Adversaries Exploit Unmonitored Cloud Regions to Evade Detection
This blog explores how unused cloud regions can be abused, the tools that enable such exploits, and strategies to mitigate these risks.
https://permiso.io/blog/how-threat-actors-leverage-unsupported-cloud-regions
#aws
🔶 Implement effective data authorization mechanisms to secure your data used in generative AI applications - part 2
Depending on where the data sits as part of the generative AI application, you will need to use different implementations of data authorization, and there isn't a one-size-fits-all solution.
https://aws.amazon.com/ru/blogs/security/implement-effective-data-authorization-mechanisms-to-secure-your-data-used-in-generative-ai-applications-part-2/
(Use VPN to open from Russia)
#aws
🔶 terraform-aws-vulne-soldier
This Terraform module consists of the configuration for automating the remediation of AWS EC2 vulnerabilities using AWS Inspector findings.
https://github.com/iKnowJavaScript/terraform-aws-vulne-soldier
#aws #tools
Post discussing the challenges of managing multifactor authentication (MFA) settings in Microsoft Entra ID, especially in light of evolving threats.
https://www.securesloth.com/home/what-in-the-mfa
#azure
🔶 whoAMI: A cloud image name confusion attack
Post detailing the discovery and impact of the whoAMI cloud image name confusion attack, which could allow attackers to execute code within AWS accounts due to a vulnerable pattern in AMI retrieval.
https://securitylabs.datadoghq.com/articles/whoami-a-cloud-image-name-confusion-attack/
#aws
🔶 AWS Tightens the Reins: New AWS SaaS Marketplace Rules Will Impact Your Commitments
AWS has announced new rules for its SaaS Marketplace that will significantly affect how customers meet their spend commitments.
https://www.duckbillgroup.com/blog/new-aws-marketplace-rules/
#aws
🔶 Announcing ASCP integration with Pod Identity: Enhanced security for secrets management in Amazon EKS
The integration of ASCP with Pod Identity marks a significant step forward in secrets management for Amazon EKS. It offers enhanced security, simplified configuration, and improved operations.
https://aws.amazon.com/ru/blogs/security/announcing-ascp-integration-with-pod-identity-enhanced-security-for-secrets-management-in-amazon-eks/
(Use VPN to open from Russia)
#aws
🔴 jit-groups
JIT Groups is an open source application that lets you implement secure, self-service access management for Google Cloud using groups.
https://github.com/GoogleCloudPlatform/jit-groups
#gcp
🔶 The Cat Flap - How to really Purrsist in AWS Accounts
A playful guide to creating covert backdoors in AWS accounts, specifically using the AWSControlTowerExecution role.
https://rootcat.de/blog/thecatflap/
#aws
🔶 Abusing AWS Serverless Image Handler
The AWS solution "Dynamic Image Transformation for Amazon CloudFront", previously known as "AWS Serverless Image Handler", contains a configuration weakness where the role associated with the Lambda does not constrain which buckets can be accessed. The environment variable can be set to a wildcard allowing access to any bucket.
https://www.o3c.no/knowledge/abusing-aws-serverless-image-handler
#aws
🔶 Emulating AWS S3 SSE-C Ransom for Threat Detection
Article exploring how threat actors leverage Amazon S3's Server-Side Encryption with Customer-Provided Keys (SSE-C) for ransom/extortion operations.
https://www.elastic.co/security-labs/emulating-aws-s3-sse-c
#aws
Microsoft's geolocation service misidentified the Singapore logins as originating from the Eastern Seaboard (New York, New Jersey, Virginia).
https://petrasecurity.substack.com/p/how-did-singapore-bypass-your-us
#azure
🔶 The Risk You Can't Afford to Ignore: AWS SES and Email Spoofing
This article discusses AWS SES email spoofing vulnerabilities, potentially enabling phishing attacks.
https://badshah.io/aws-ses-and-email-spoofing/
#aws
🔴 Finding Malware: Detecting Fake Browser Updates Attacks with Google Security Operations
This post dives into Fake Browser Update Attacks, the payloads they deliver, and detection opportunities within the Google SecOps platform.
https://www.googlecloudcommunity.com/gc/Community-Blog/Finding-Malware-Detecting-Fake-Browser-Updates-Attacks-with/ba-p/876307
#gcp
🔴 Inter-VPC connectivity architecture patterns in Cross-Cloud Network
How to use Cross-Cloud Network to design inter-network communication architectures with Network Connectivity Center or VPC peering.
https://cloud.google.com/blog/products/networking/inter-network-communication-design-with-ncc-vpc-peering/
#gcp
🔶 Connect your on-premises Kubernetes cluster to AWS APIs using IAM Roles Anywhere
IAM Roles Anywhere enables workloads outside of AWS to access AWS resources by exchanging X.509 bound identities for temporary AWS credentials.
https://aws.amazon.com/ru/blogs/security/connect-your-on-premises-kubernetes-cluster-to-aws-apis-using-iam-roles-anywhere/
(Use VPN to open from Russia)
#aws
🔶 From log analysis to rule creation: How AWS Network Firewall automates domain-based security for outbound traffic
Post guiding you through the implementation of the AWS Network Firewall automated domain list feature, providing a detailed overview, step-by-step instructions, and best practices to optimize your network security.
https://aws.amazon.com/ru/blogs/security/from-log-analysis-to-rule-creation-how-aws-network-firewall-automates-domain-based-security-for-outbound-traffic/
(Use VPN to open from Russia)
#aws
A vulnerability in Microsoft Azure that allows users with Reader access to expose sensitive metadata about secrets stored in Azure Key Vaults.
https://cirriustech.co.uk/blog/azure-vault-recon/
#azure
🔶 Evaluating AWS Native Approaches for Detecting Suspicious API Calls
Three primary approaches: 1) EventBridge → SNS → Email, 2) CloudTrail → S3 → Lambda → SNS → Email, and 3) CloudTrail → CloudWatch → MetricFilter → MetricAlert → SNS → Email.
https://medium.com/@adan.alvarez/diy-evaluating-aws-native-approaches-for-detecting-suspicious-api-calls-c6e05de97a49
(Use VPN to open from Russia)
#aws