CloudSec Wine – Telegram
CloudSec Wine
2.14K subscribers
919 photos
18 files
1.26K links
All about cloud security

Contacts:
@AMark0f
@dvyakimov

About DevSecOps:
@sec_devops
🔶 AWS Tightens the Reins: New AWS SaaS Marketplace Rules Will Impact Your Commitments

AWS has announced new rules for its SaaS Marketplace that will significantly affect how customers meet their spend commitments.

https://www.duckbillgroup.com/blog/new-aws-marketplace-rules/

#aws
🔶 Announcing ASCP integration with Pod Identity: Enhanced security for secrets management in Amazon EKS

The integration of ASCP with Pod Identity marks a significant step forward in secrets management for Amazon EKS. It offers enhanced security, simplified configuration, and improved operations.

https://aws.amazon.com/ru/blogs/security/announcing-ascp-integration-with-pod-identity-enhanced-security-for-secrets-management-in-amazon-eks/

(Use VPN to open from Russia)

#aws
🔴 jit-groups

JIT Groups is an open source application that lets you implement secure, self-service access management for Google Cloud using groups.

https://github.com/GoogleCloudPlatform/jit-groups

#gcp
🔶 The Cat Flap - How to really Purrsist in AWS Accounts

A playful guide to creating covert backdoors in AWS accounts, specifically using the AWSControlTowerExecution role.

https://rootcat.de/blog/thecatflap/

#aws
🔶 Abusing AWS Serverless Image Handler

The AWS solution "Dynamic Image Transformation for Amazon CloudFront", previously known as "AWS Serverless Image Handler", contains a configuration weakness where the role associated with the Lambda does not constrain which buckets can be accessed. The environment variable can be set to a wildcard allowing access to any bucket.

https://www.o3c.no/knowledge/abusing-aws-serverless-image-handler

#aws
🔶 Emulating AWS S3 SSE-C Ransom for Threat Detection

Article exploring how threat actors leverage Amazon S3's Server-Side Encryption with Customer-Provided Keys (SSE-C) for ransom/extortion operations.

https://www.elastic.co/security-labs/emulating-aws-s3-sse-c

#aws
👩‍💻 How Did Singapore Bypass Your US-Only Conditional Access?

Microsoft's geolocation service misidentified the Singapore logins as originating from the Eastern Seaboard (New York, New Jersey, Virginia).

https://petrasecurity.substack.com/p/how-did-singapore-bypass-your-us

#azure
🔶 The Risk You Can't Afford to Ignore: AWS SES and Email Spoofing

This article discusses AWS SES email spoofing vulnerabilities, potentially enabling phishing attacks.

https://badshah.io/aws-ses-and-email-spoofing/

#aws
🔴 Finding Malware: Detecting Fake Browser Updates Attacks with Google Security Operations

This post dives into fake browser update attacks, the payloads they deliver, and detection opportunities within the Google SecOps platform.

https://www.googlecloudcommunity.com/gc/Community-Blog/Finding-Malware-Detecting-Fake-Browser-Updates-Attacks-with/ba-p/876307

#gcp
🔴 Inter-VPC connectivity architecture patterns in Cross-Cloud Network

How to use Cross-Cloud Network to design inter-network communication architectures with Network Connectivity Center or VPC peering.

https://cloud.google.com/blog/products/networking/inter-network-communication-design-with-ncc-vpc-peering/

#gcp
🔶 Connect your on-premises Kubernetes cluster to AWS APIs using IAM Roles Anywhere

IAM Roles Anywhere enables workloads outside of AWS to access AWS resources by exchanging X.509 bound identities for temporary AWS credentials.

https://aws.amazon.com/ru/blogs/security/connect-your-on-premises-kubernetes-cluster-to-aws-apis-using-iam-roles-anywhere/

(Use VPN to open from Russia)

#aws
🔶 From log analysis to rule creation: How AWS Network Firewall automates domain-based security for outbound traffic

Post guiding you through the implementation of the AWS Network Firewall automated domain list feature, providing a detailed overview, step-by-step instructions, and best practices to optimize your network security.

https://aws.amazon.com/ru/blogs/security/from-log-analysis-to-rule-creation-how-aws-network-firewall-automates-domain-based-security-for-outbound-traffic/

(Use VPN to open from Russia)

#aws
👩‍💻 VaultRecon: An Azure Control Plane/Data Plane Isolation Flaw

A vulnerability in Microsoft Azure that allows users with Reader access to expose sensitive metadata about secrets stored in Azure Key Vaults.

https://cirriustech.co.uk/blog/azure-vault-recon/

#azure
🔶 Evaluating AWS Native Approaches for Detecting Suspicious API Calls

Three primary approaches: 1) EventBridge → SNS → Email, 2) CloudTrail → S3 → Lambda → SNS → Email, and 3) CloudTrail → CloudWatch → MetricFilter → MetricAlert → SNS → Email.

https://medium.com/@adan.alvarez/diy-evaluating-aws-native-approaches-for-detecting-suspicious-api-calls-c6e05de97a49

(Use VPN to open from Russia)

#aws
🔴 Introducing AI Protection: Security for the AI era

Google Cloud's new AI Protection safeguards AI workloads and data across clouds and models, no matter the platform.

https://cloud.google.com/blog/products/identity-security/introducing-ai-protection-security-for-the-ai-era/

#gcp
👩‍💻 Disrupting a global cybercrime network abusing generative AI

Microsoft is actively fighting against a global cybercrime network known as Storm-2139, which exploits generative AI technologies.

https://blogs.microsoft.com/on-the-issues/2025/02/27/disrupting-cybercrime-abusing-gen-ai/

#azure
🔴 gcp-landing-zone

This repository contains the Terraform code necessary to set up a Landing Zone using the Google Cloud Platform (GCP).

https://github.com/ollionorg/gcp-landing-zone

#gcp
👩‍💻 MistakenVMtity: Another cloud image confusion attack

Post discussing vulnerabilities in Azure's CLI related to cloud image confusion attacks, similar to those identified last month in AWS.

https://onecloudplease.com/blog/mistakenvmtity-another-cloud-image-confusion-attack

#azure
🔴 Safer and Multimodal: Responsible AI with Gemma

ShieldGemma 2 can detect harmful content in AI models' text and image inputs/outputs, built on Gemma 3 for safer AI development.

https://developers.googleblog.com/en/safer-and-multimodal-responsible-ai-with-gemma/

#gcp
🔴 Project Shield makes it easier to sign up, set up, automate DDoS protection

Project Shield employs Google Cloud Armor to defend against DDoS attacks with minimal user configuration.

https://cloud.google.com/blog/products/identity-security/project-shield-makes-it-easier-to-sign-up-set-up-automate-ddos-protection/

#gcp
🔶 Amazon EKS now envelope encrypts all Kubernetes API data by default

EKS enables default envelope encryption for all Kubernetes API data in EKS clusters running Kubernetes version 1.28 or higher.

https://aws.amazon.com/ru/about-aws/whats-new/2025/03/amazon-eks-envelope-encrypts-kubernetes-api-data-default/

(Use VPN to open from Russia)

#aws