🔴 Removing GitHub PATs and Private Keys From Google Cloud: Extending Token Server to Google Cloud
This article introduces the technologies, challenges, and solutions behind extending Token Server and migrating workloads on Google Cloud to use short-lived credentials.
https://engineering.mercari.com/en/blog/entry/20241203-token-server-google-cloud/
#gcp
This article introduces the technologies, challenges, and solutions behind extending Token Server and migrating workloads on Google Cloud to use short-lived credentials.
https://engineering.mercari.com/en/blog/entry/20241203-token-server-google-cloud/
#gcp
❤1👍1🔥1
🔴 Mark Your Calendar: APT41 Innovative Tactics
Post which analyzes the malware delivery methods, technical details of the malware attack chain, discuss other recent APT41 activities, and share indicators of compromise (IOCs) to help security practitioners defend against similar attacks.
https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics/
#gcp
Post which analyzes the malware delivery methods, technical details of the malware attack chain, discuss other recent APT41 activities, and share indicators of compromise (IOCs) to help security practitioners defend against similar attacks.
https://cloud.google.com/blog/topics/threat-intelligence/apt41-innovative-tactics/
#gcp
❤2👍1🔥1
🔶 How to set up and track SLAs for resolving Security Hub findings
Step-by-step instructions for tracking Security Hub findings in each severity category against service-level agreements (SLAs) through visual dashboards.
https://aws.amazon.com/ru/blogs/security/how-to-set-up-and-track-slas-for-resolving-security-hub-findings/
(Use VPN to open from Russia)
#aws
Step-by-step instructions for tracking Security Hub findings in each severity category against service-level agreements (SLAs) through visual dashboards.
https://aws.amazon.com/ru/blogs/security/how-to-set-up-and-track-slas-for-resolving-security-hub-findings/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔴 Safer automated deployments with new Cloud Deploy features
New automations in the Cloud Deploy continuous delivery platform help keep production environments reliable and up-to-date.
https://cloud.google.com/blog/products/devops-sre/new-cloud-deploy-features-for-automated-deployments/
#gcp
New automations in the Cloud Deploy continuous delivery platform help keep production environments reliable and up-to-date.
https://cloud.google.com/blog/products/devops-sre/new-cloud-deploy-features-for-automated-deployments/
#gcp
❤1👍1🔥1
🔶 boto3-refresh-session
A simple Python package for refreshing AWS temporary credentials in boto3 automatically.
https://github.com/michaelthomasletts/boto3-refresh-session
#aws
A simple Python package for refreshing AWS temporary credentials in boto3 automatically.
https://github.com/michaelthomasletts/boto3-refresh-session
#aws
❤1👍1🔥1
SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication.
https://github.com/quarkslab/proxyblob
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
Post exploring Azure Arc's overlooked C2aaS potential: attacking and defending against its usage and exploring use cases for Red Teams.
https://blog.zsec.uk/azure-arc-c2aas/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔶 CloudTrail Logging Evasion: Where Policy Size Matters
Permiso uncovered a subtle yet critical logging evasion vulnerability within AWS environments - mainly the differing size limitations of individual AWS CloudTrail logs versus the actual content being logged. By exploiting whitespace and other syntactic quirks, an attacker can create valid IAM policies that effectively bypass CloudTrail logging.
https://permiso.io/blog/cloudtrail-logging-evasion-where-policy-size-matters
#aws
Permiso uncovered a subtle yet critical logging evasion vulnerability within AWS environments - mainly the differing size limitations of individual AWS CloudTrail logs versus the actual content being logged. By exploiting whitespace and other syntactic quirks, an attacker can create valid IAM policies that effectively bypass CloudTrail logging.
https://permiso.io/blog/cloudtrail-logging-evasion-where-policy-size-matters
#aws
❤1👍1🔥1
Unit 42 researchers discovered an issue with Azure OpenAI's Domain Name System (DNS) resolution logic that could have enabled cross-tenant data leaks and meddler-in-the-middle (MitM) attacks.
https://unit42.paloaltonetworks.com/azure-openai-dns-resolution/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔴 The Cost of a Call: From Voice Phishing to Data Extortion
UNC6040 uses vishing to impersonate IT support, deceiving victims into granting access to their Salesforce instances.
https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion
#gcp
UNC6040 uses vishing to impersonate IT support, deceiving victims into granting access to their Salesforce instances.
https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion
#gcp
❤1👍1🔥1
🔶 Implementing just-in-time privileged access to AWS with Microsoft Entra and AWS IAM Identity Center
By using security groups in Entra and mapping them to permission sets in IAM Identity Center, you can automate the provisioning and deprovisioning of privileged access based on defined policies and approval workflows.
https://aws.amazon.com/ru/blogs/security/implementing-just-in-time-privileged-access-to-aws-with-microsoft-entra-and-aws-iam-identity-center/
#aws
By using security groups in Entra and mapping them to permission sets in IAM Identity Center, you can automate the provisioning and deprovisioning of privileged access based on defined policies and approval workflows.
https://aws.amazon.com/ru/blogs/security/implementing-just-in-time-privileged-access-to-aws-with-microsoft-entra-and-aws-iam-identity-center/
#aws
❤1👍1🔥1
Post covering some methods attackers may use now or in the near future to maintain access to Entra ID (formerly Azure AD) once they've obtained a privileged foothold.
https://kknowl.es/posts/defending-against-entra-id-persistence/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔶 Roles Here? Roles There? Roles Anywhere: Exploring the Security of AWS IAM Roles Anywhere
This examination of the AWS Roles Anywhere service looks at potential risks, analyzed from both defender and attacker perspectives.
https://unit42.paloaltonetworks.com/aws-roles-anywhere/
#aws
This examination of the AWS Roles Anywhere service looks at potential risks, analyzed from both defender and attacker perspectives.
https://unit42.paloaltonetworks.com/aws-roles-anywhere/
#aws
❤1👍1🔥1
🔶 Introducing the AWS Security Champion Knowledge Path and digital badge
The Security Champion Knowledge path is an educational framework designed to empower developers and software engineers with essential AWS cloud security knowledge and best practices.
https://aws.amazon.com/ru/blogs/security/introducing-the-aws-security-champion-knowledge-path-and-digital-badge/
#aws
The Security Champion Knowledge path is an educational framework designed to empower developers and software engineers with essential AWS cloud security knowledge and best practices.
https://aws.amazon.com/ru/blogs/security/introducing-the-aws-security-champion-knowledge-path-and-digital-badge/
#aws
❤4🔥2👍1
🔶 Introducing AWS API models and publicly available resources for AWS API definitions
AWS now provides daily updates of Smithy API models on GitHub, enabling developers to build custom SDK clients, understand AWS API behaviors, and create developer tools for better AWS service integration.
https://aws.amazon.com/ru/blogs/aws/introducing-aws-api-models-and-publicly-available-resources-for-aws-api-definitions/
(Use VPN to open from Russia)
#aws
AWS now provides daily updates of Smithy API models on GitHub, enabling developers to build custom SDK clients, understand AWS API behaviors, and create developer tools for better AWS service integration.
https://aws.amazon.com/ru/blogs/aws/introducing-aws-api-models-and-publicly-available-resources-for-aws-api-definitions/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 How to use on-demand rotation for AWS KMS imported keys
AWS announced support for on-demand rotation of symmetric encryption AWS Key Management Service (AWS KMS) keys with imported key material (EXTERNAL origin). This new capability enables you to rotate the cryptographic key material of these keys without changing the key identifier.
https://aws.amazon.com/ru/blogs/security/how-to-use-on-demand-rotation-for-aws-kms-imported-keys/
(Use VPN to open from Russia)
#aws
AWS announced support for on-demand rotation of symmetric encryption AWS Key Management Service (AWS KMS) keys with imported key material (EXTERNAL origin). This new capability enables you to rotate the cryptographic key material of these keys without changing the key identifier.
https://aws.amazon.com/ru/blogs/security/how-to-use-on-demand-rotation-for-aws-kms-imported-keys/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 Securing Amazon Redshift
How to manage access in Amazon Redshift, focusing on best practices for security.
https://dev.to/awscommunity-asean/securing-amazon-redshift-best-practices-for-access-control-15l6
#aws
How to manage access in Amazon Redshift, focusing on best practices for security.
https://dev.to/awscommunity-asean/securing-amazon-redshift-best-practices-for-access-control-15l6
#aws
❤1👍1🔥1
🔴 How Google Cloud is securing open-source credentials at scale
Google developed a tool to scan open-source package and image files by default for leaked Google Cloud credentials to help protect Google Cloud customers who publish open-source artifacts.
https://cloud.google.com/blog/products/identity-security/securing-open-source-credentials-at-scale
#gcp
Google developed a tool to scan open-source package and image files by default for leaked Google Cloud credentials to help protect Google Cloud customers who publish open-source artifacts.
https://cloud.google.com/blog/products/identity-security/securing-open-source-credentials-at-scale
#gcp
❤1👍1🔥1
🔶 Amazon GuardDuty expands Extended Threat Detection coverage to Amazon EKS clusters
GuardDuty Extended Threat Detection introduces a new critical severity finding type, which automatically correlates security signals across Amazon EKS audit logs, runtime behaviors of processes associated with EKS clusters, malware execution in EKS clusters, and AWS API activity to identify sophisticated attack patterns that might otherwise go unnoticed.
https://aws.amazon.com/ru/blogs/aws/amazon-guardduty-expands-extended-threat-detection-coverage-to-amazon-eks-clusters/
(Use VPN to open from Russia)
#aws
GuardDuty Extended Threat Detection introduces a new critical severity finding type, which automatically correlates security signals across Amazon EKS audit logs, runtime behaviors of processes associated with EKS clusters, malware execution in EKS clusters, and AWS API activity to identify sophisticated attack patterns that might otherwise go unnoticed.
https://aws.amazon.com/ru/blogs/aws/amazon-guardduty-expands-extended-threat-detection-coverage-to-amazon-eks-clusters/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 AWS Backup adds new Multi-party approval for logically air-gapped vaults
Multi-party approval for AWS Backup logically air-gapped vaults enables organizations to recover their backup data even when their AWS account is compromised, by creating approval teams of trusted individuals who can authorize vault sharing with a recovery account through a separate authentication path.
https://aws.amazon.com/ru/blogs/aws/aws-backup-adds-new-multi-party-approval-for-logically-air-gapped-vaults/
(Use VPN to open from Russia)
#aws
Multi-party approval for AWS Backup logically air-gapped vaults enables organizations to recover their backup data even when their AWS account is compromised, by creating approval teams of trusted individuals who can authorize vault sharing with a recovery account through a separate authentication path.
https://aws.amazon.com/ru/blogs/aws/aws-backup-adds-new-multi-party-approval-for-logically-air-gapped-vaults/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1