🔶 How to use the new CloudTrail network activity events for AWS VPC Endpoints
How AWS VPC Endpoint CloudTrail logs can help you troubleshoot endpoint policies and strengthen your network's security against data exfiltration.
https://www.wiz.io/blog/aws-vpc-endpoint-cloudtrail
#aws
How AWS VPC Endpoint CloudTrail logs can help you troubleshoot endpoint policies and strengthen your network's security against data exfiltration.
https://www.wiz.io/blog/aws-vpc-endpoint-cloudtrail
#aws
❤1👍1🔥1
🔶 IAM Role Trust Policies: Misconfigurations Hiding in Plain Sight
Even small misconfigurations in role trust policies can unintentionally create critical privilege escalation risks in AWS, such as allowing low-privileged users to assume admin roles.
https://www.token.security/blog/iam-role-trust-policies-misconfigurations-hiding-in-plain-sight
#aws
Even small misconfigurations in role trust policies can unintentionally create critical privilege escalation risks in AWS, such as allowing low-privileged users to assume admin roles.
https://www.token.security/blog/iam-role-trust-policies-misconfigurations-hiding-in-plain-sight
#aws
❤1👍1🔥1
🔶 AWS SNS Abuse: Data Exfiltration and Phishing
Post diving into publicly known SNS abuse attempts and Elastic's knowledge of the data source to develop detection capabilities.
https://www.elastic.co/security-labs/aws-sns-abuse
#aws
Post diving into publicly known SNS abuse attempts and Elastic's knowledge of the data source to develop detection capabilities.
https://www.elastic.co/security-labs/aws-sns-abuse
#aws
❤2👍1🔥1
🔶 Path Traversal Vulnerability in AWS SSM Agent's Plugin ID Validation
A Path Traversal vulnerability found in the AWS Systems Manager (SSM) Agent, specifically within the ValidatePluginId function of the pluginutil.go file.
https://cymulate.com/blog/aws-ssm-agent-plugin-id-path-traversal/
#aws
A Path Traversal vulnerability found in the AWS Systems Manager (SSM) Agent, specifically within the ValidatePluginId function of the pluginutil.go file.
https://cymulate.com/blog/aws-ssm-agent-plugin-id-path-traversal/
#aws
👍2❤1🔥1
🔶 Gaining Long-Term AWS Access with CodeBuild and GitHub
Another example of how attackers can abuse legitimate AWS services for persistence.
https://medium.com/@adan.alvarez/gaining-long-term-aws-access-with-codebuild-and-github-873324638784
#aws
Another example of how attackers can abuse legitimate AWS services for persistence.
https://medium.com/@adan.alvarez/gaining-long-term-aws-access-with-codebuild-and-github-873324638784
#aws
👍2❤1🔥1
🔶 Secure Cross-Account Access is Tricky. Four Common Dangerous Misconceptions
Post diving into cross-account trust policies, explaining four major misconceptions repeatedly seen in organizations, which often lead to the creation of cross-account trust paths from less secure accounts to more sensitive accounts.
https://www.token.security/blog/secure-cross-account-access-is-tricky-four-common-dangerous-misconceptions
#aws
Post diving into cross-account trust policies, explaining four major misconceptions repeatedly seen in organizations, which often lead to the creation of cross-account trust paths from less secure accounts to more sensitive accounts.
https://www.token.security/blog/secure-cross-account-access-is-tricky-four-common-dangerous-misconceptions
#aws
❤1👍1🔥1
🔶🔷🔴 Threat Modelling Cloud Service Providers in 2025
With the US Government acting in an erratic and hostile manner towards its traditional allies, it makes sense for companies not typically subject to US Jurisdiction to reconsider their threat models when using the big three cloud providers. All of them are US-based companies, and all three conduct a substantial amount of business with the US Government.
https://www.chrisfarris.com/post/threat-model-2025/
#aws #azure #gcp
With the US Government acting in an erratic and hostile manner towards its traditional allies, it makes sense for companies not typically subject to US Jurisdiction to reconsider their threat models when using the big three cloud providers. All of them are US-based companies, and all three conduct a substantial amount of business with the US Government.
https://www.chrisfarris.com/post/threat-model-2025/
#aws #azure #gcp
👍2❤1🔥1
Microsoft released and updated the threat matrix for Kubernetes, an active knowledge base for security threats that target Kubernetes clusters, to systematically map the attack surface of Kubernetes.
https://www.microsoft.com/en-us/security/blog/2025/04/23/understanding-the-threat-landscape-for-kubernetes-and-containerized-assets/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
👍3❤1🔥1
🔴 MCP Toolbox for Databases: Simplify AI Agent Access to Enterprise Data
Learn how MCP Toolbox for Databases can help you deliver secure and standardized ways to have your agents communicate with one another and access enterprise data.
https://cloud.google.com/blog/products/ai-machine-learning/mcp-toolbox-for-databases-now-supports-model-context-protocol/
#gcp
Learn how MCP Toolbox for Databases can help you deliver secure and standardized ways to have your agents communicate with one another and access enterprise data.
https://cloud.google.com/blog/products/ai-machine-learning/mcp-toolbox-for-databases-now-supports-model-context-protocol/
#gcp
❤1👍1🔥1
🔶 How to help prevent hotlinking using referer checking, AWS WAF, and Amazon CloudFront
How to help prevent hotlinking by using header inspection in AWS WAF, while still taking advantage of the improved user experience from a CDN such as CloudFront.
https://aws.amazon.com/ru/blogs/security/how-to-prevent-hotlinking-by-using-aws-waf-amazon-cloudfront-and-referer-checking/
(Use VPN to open from Russia)
#aws
How to help prevent hotlinking by using header inspection in AWS WAF, while still taking advantage of the improved user experience from a CDN such as CloudFront.
https://aws.amazon.com/ru/blogs/security/how-to-prevent-hotlinking-by-using-aws-waf-amazon-cloudfront-and-referer-checking/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 AWS Built a Security Tool. It Introduced a Security Risk
The «Account Assessment for AWS Organizations» tool, designed to audit resource-based policies for risky cross-account access, ironically introduced cross-account privilege escalation risks due to flawed deployment instructions.
https://www.token.security/blog/aws-built-a-security-tool-it-introduced-a-security-risk
#aws
The «Account Assessment for AWS Organizations» tool, designed to audit resource-based policies for risky cross-account access, ironically introduced cross-account privilege escalation risks due to flawed deployment instructions.
https://www.token.security/blog/aws-built-a-security-tool-it-introduced-a-security-risk
#aws
❤1👍1🔥1
🔶 Shadow Roles: AWS Defaults Can Open the Door to Service Takeover
Post walking through multiple real-world scenarios, including how a malicious Hugging Face model can escalate privileges, how limited Glue access can impact other services, and how a single default role can ultimately lead to full control of an AWS account.
https://www.aquasec.com/blog/shadow-roles-aws-defaults-lead-to-service-takeover/
#aws
Post walking through multiple real-world scenarios, including how a malicious Hugging Face model can escalate privileges, how limited Glue access can impact other services, and how a single default role can ultimately lead to full control of an AWS account.
https://www.aquasec.com/blog/shadow-roles-aws-defaults-lead-to-service-takeover/
#aws
👍2❤1🔥1
🔶 Preventing Cross-Service Confused Deputy Attacks in AWS ELB Logging
Post highlighting the inconsistency in AWS services regarding S3 bucket permissions and encryption methods.
https://tomclancy.me/2025/04/24/preventing-cross-service-confused-deputy-attacks-in-aws-elb-logging.html
#aws
Post highlighting the inconsistency in AWS services regarding S3 bucket permissions and encryption methods.
https://tomclancy.me/2025/04/24/preventing-cross-service-confused-deputy-attacks-in-aws-elb-logging.html
#aws
❤1👍1🔥1
🔴 Tag Your Way In: New Privilege Escalation Technique in GCP
This post introduces a novel privilege escalation technique in Google Cloud Platform (GCP) that exploits IAM Conditions in combination with tagBindings.
https://www.mitiga.io/blog/tag-your-way-in-new-privilege-escalation-technique-in-gcp
#gcp
This post introduces a novel privilege escalation technique in Google Cloud Platform (GCP) that exploits IAM Conditions in combination with tagBindings.
https://www.mitiga.io/blog/tag-your-way-in-new-privilege-escalation-technique-in-gcp
#gcp
❤1👍1🔥1
Blog dissecting the limitations of Microsoft's activity logs, walking through real-world simulations using the msInvader tool, and highlighting what gets seen and what silently slips through the cracks.
https://www.abstract.security/blog/the-invisible-enemy-unmasking-microsoft-365s-logging-blind-spots
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔶 S3 bucket name squatting
Post sharing findings on four AWS services - Amazon Athena, AWS Elastic Beanstalk, AWS CodePipeline, AWS Config - and the implications of bucket name squatting.
https://www.reply.com/spike-reply/en/blog/s3-bucket-name-squatting
#aws
Post sharing findings on four AWS services - Amazon Athena, AWS Elastic Beanstalk, AWS CodePipeline, AWS Config - and the implications of bucket name squatting.
https://www.reply.com/spike-reply/en/blog/s3-bucket-name-squatting
#aws
❤1👍1🔥1
🔶 Configuring Model Context Protocol (MCP) with Amazon Q CLI
This post will walk you through everything you need to know to get Amazon Q CLI up and running to use MCP.
https://blog.beachgeek.co.uk/getting-started-mcp-amazon-q-cli/
#aws
This post will walk you through everything you need to know to get Amazon Q CLI up and running to use MCP.
https://blog.beachgeek.co.uk/getting-started-mcp-amazon-q-cli/
#aws
❤1👍1🔥1
🔴 What's new in IAM, Access Risk, and Cloud Governance
At Google Cloud Next, Google announced multiple new capabilities in their IAM, Access Risk, and Cloud Governance portfolio, including: IAM, Access Risk products including VPC Service Controls, Context-Aware Access and Identity Threat Detection and Response, Cloud Governance with Organization Policy Service, and Resource Management.
https://cloud.google.com/blog/products/identity-security/whats-new-in-iam-access-risk-and-cloud-governance/
#gcp
At Google Cloud Next, Google announced multiple new capabilities in their IAM, Access Risk, and Cloud Governance portfolio, including: IAM, Access Risk products including VPC Service Controls, Context-Aware Access and Identity Threat Detection and Response, Cloud Governance with Organization Policy Service, and Resource Management.
https://cloud.google.com/blog/products/identity-security/whats-new-in-iam-access-risk-and-cloud-governance/
#gcp
❤1👍1🔥1
🔶 Use an Amazon Bedrock powered chatbot with Amazon Security Lake to help investigate incidents
How to deploy a security chatbot with a GUI and a serverless backend powered by an Amazon Bedrock agent that incorporates existing playbooks to investigate or respond to a security event.
https://aws.amazon.com/ru/blogs/security/use-an-amazon-bedrock-powered-chatbot-with-amazon-security-lake-to-help-investigate-incidents/
(Use VPN to open from Russia)
#aws
How to deploy a security chatbot with a GUI and a serverless backend powered by an Amazon Bedrock agent that incorporates existing playbooks to investigate or respond to a security event.
https://aws.amazon.com/ru/blogs/security/use-an-amazon-bedrock-powered-chatbot-with-amazon-security-lake-to-help-investigate-incidents/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 Tales from the cloud trenches: The Attacker doth persist too much
A cloud attack targeting Amazon SES and persistence via AWS Lambda, AWS IAM Identity Center and AWS IAM.
https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-the-attacker-doth-persist-too-much/
#aws
A cloud attack targeting Amazon SES and persistence via AWS Lambda, AWS IAM Identity Center and AWS IAM.
https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-the-attacker-doth-persist-too-much/
#aws
👍2❤1🔥1