🔶 Migrating from Open Policy Agent to Amazon Verified Permissions
Post exploring the process of migrating from OPA and Rego to Verified Permissions and Cedar, including policy translation strategies, software development and testing approaches, and deployment considerations.
https://aws.amazon.com/ru/blogs/security/migrating-from-open-policy-agent-to-amazon-verified-permissions/
(Use VPN to open from Russia)
#aws
🔶 Authorizing access to data with RAG implementations
An architecture pattern for providing strong authorization for results returned from knowledge bases with a walkthrough example of this using Amazon S3 Access Grants with Amazon Bedrock Knowledge Bases.
https://aws.amazon.com/ru/blogs/security/authorizing-access-to-data-with-rag-implementations/
(Use VPN to open from Russia)
#aws
🔶 Introducing AWS Capabilities by Region for easier Regional planning and faster global deployment
AWS Capabilities by Region is a new planning tool that provides detailed visibility into AWS services, features, APIs, and CloudFormation resources across different AWS Regions, helping customers make informed decisions for global deployments and prevent costly rework through side-by-side regional comparisons and forward-looking roadmap information.
https://aws.amazon.com/ru/blogs/aws/introducing-aws-capabilities-by-region-for-easier-regional-planning-and-faster-global-deployments/
(Use VPN to open from Russia)
#aws
🔴 Public Report: Google Private AI Compute Review
NCC Group conducted a 100 person-day security review of Google's Private AI Compute system across two phases, evaluating architecture, cryptography, attestation, IP-blinding relay, T-Log system, and frontend components to ensure cloud-based AI processing maintains local-only privacy guarantees.
https://www.nccgroup.com/research-blog/public-report-google-private-ai-compute-review/
#gcp
🔶 Managing AWS SSM Parameters with Terraform with External Updates
How to manage AWS SSM Parameters with Terraform using the lifecycle "ignore_changes" meta-argument, allowing external processes to update parameter values without Terraform reverting them on subsequent applies.
https://www.proactiveops.io/archive/managing-aws-ssm-parameters-with-terraform-with/
#aws
🔴 Hacking Gemini: A Multi-Layered Approach
The article describes exploiting multi-layered architecture discrepancies in Gemini to bypass Markdown sanitization. The researcher achieved image injection through linkification quirks and context bridges (Gemini-to-Colab), enabling workspace data exfiltration via indirect prompt injection despite existing protections.
https://buganizer.cc/hacking-gemini-a-multi-layered-approach-md
(Use VPN to open from Russia)
#gcp
🔶🔷🔴 The log rings don’t lie: historical enumeration in plain sight
Logs aren't just for defenders. This research explores how attackers exploit cloud audit logs for enumeration and reconnaissance across AWS, Azure, and GCP, and how to detect and defend.
https://www.exaforce.com/blogs/log-rings-dont-lie-historical-enumeration-in-plain-sight
#aws #azure #gcp
🔴 Private AI Compute: our next step in building private and helpful AI
Google introduces Private AI Compute, a cloud AI processing platform combining Gemini models with on-device-level privacy protections. It uses hardware-secured enclaves, remote attestation, and encryption to ensure personal data remains inaccessible to anyone, including Google, while enabling faster, more capable AI experiences.
https://blog.google/technology/ai/google-private-ai-compute/
#gcp
🔶 Weaponizing the AWS CLI for Persistence
This article demonstrates weaponizing AWS CLI aliases for stealthy persistence. A one-liner dynamically toggles alias activation to execute malicious payloads while preserving original command functionality, evading detection. The technique exfiltrates credentials post-execution and persists across sessions, useful for red team operations.
https://slayer0x.github.io/awscli/
#aws
A three-tier model for classifying privileged Microsoft Entra ID roles: Tier 0 (core tenant administration/security), Tier 1 (major service component administration), and Tier 2 (limited-scope/read-only). Each tier has defined security controls, addressing inconsistencies in Microsoft's privileged role documentation.
https://trustedsec.com/blog/managing-privileged-roles-in-microsoft-entra-id-a-pragmatic-approach
#azure
This article explores Terraform Stacks for Azure on HCP Terraform EU. It covers designing stacks with components and deployments, building modules, configuring authentication via OIDC, passing data between stacks, and operational tasks like provisioning and managing stacks at scale.
https://mattias.engineer/blog/2025/terraform-stacks-deep-dive-azure/
#azure
🔴 Introducing the Emerging Threats Center in Google Security Operations
Google introduces the Emerging Threats Center in Google Security Operations, powered by Gemini AI. It automates detection engineering by ingesting threat intelligence, generating synthetic events, testing coverage, and creating detection rules to help security teams rapidly assess exposure and defensive posture against emerging threats.
https://cloud.google.com/blog/products/identity-security/introducing-the-emerging-threats-center-in-google-security-operations/
#gcp
🔶 Simplify access to external services using AWS IAM Outbound Identity Federation
AWS IAM now enables outbound identity federation, allowing developers to securely authenticate AWS workloads with external services using short-lived JSON Web Tokens instead of storing long-term credentials like API keys and passwords.
https://aws.amazon.com/ru/blogs/aws/simplify-access-to-external-services-using-aws-iam-outbound-identity-federation/
(Use VPN to open from Russia)
#aws
🔶 Phishing for AWS Credentials via the New ‘aws login’ Flow
The new aws login command, designed to provide temporary credentials for local development, can be exploited by attackers for phishing, even bypassing phishing-resistant MFA.
https://medium.com/@adan.alvarez/phishing-for-aws-credentials-via-the-new-aws-login-flow-39f6969b4eae
(Use VPN to open from Russia)
#aws
🔶 Introducing guidelines for network scanning
AWS introduces network scanning guidelines for customer workloads to distinguish legitimate security scans from malicious activity.
https://aws.amazon.com/ru/blogs/security/introducing-guidelines-for-network-scanning/
(Use VPN to open from Russia)
#aws
🔶 AWS Secrets Manager launches Managed External Secrets for Third-Party Credentials
AWS Secrets Manager introduces managed external secrets for third-party credentials like Salesforce, Snowflake, and BigID.
https://aws.amazon.com/ru/blogs/security/aws-secrets-manager-launches-managed-external-secrets-for-third-party-credentials/
(Use VPN to open from Russia)
#aws
🔶 Introducing VPC encryption controls: Enforce encryption in transit within and across VPCs in a Region
AWS announces VPC encryption controls, a new capability that helps organizations audit and enforce encryption in transit for all traffic within and across VPCs in a Region, simplifying compliance with regulatory frameworks like HIPAA, PCI DSS, and FedRAMP through automated monitoring and enforcement modes.
https://aws.amazon.com/ru/blogs/aws/introducing-vpc-encryption-controls-enforce-encryption-in-transit-within-and-across-vpcs-in-a-region/
(Use VPN to open from Russia)
#aws
Azure API Management exposes managed identity certificates with private keys in plaintext through an undocumented configuration API used by self-hosted gateways. Attackers with gateway keys can extract these certificates for persistent backdoor access.
https://dazesecurity.io/blog/apimMIVuln
(Use VPN to open from Russia)
#azure
🔶 Amazon CloudFront mTLS with open-source serverless CA
A step-by-step guide on implementing mTLS for Amazon CloudFront using our open-source cloud CA.
https://medium.com/@paulschwarzenberger/amazon-cloudfront-mtls-with-open-source-serverless-ca-f49ce2bc9874
(Use VPN to open from Russia)
#aws
🔶 Introducing AWS Lambda Managed Instances: Serverless simplicity with EC2 flexibility
Run Lambda functions on EC2 compute while maintaining serverless simplicity—enabling access to specialized hardware and cost optimizations through EC2 pricing models, with AWS handling all infrastructure management.
https://aws.amazon.com/ru/blogs/aws/introducing-aws-lambda-managed-instances-serverless-simplicity-with-ec2-flexibility/
(Use VPN to open from Russia)
#aws
🔶 Amazon CloudWatch introduces unified data management and analytics for operations, security, and compliance
CloudWatch can automatically normalize and process data to offer consistency across sources with built-in support for Open Cybersecurity Schema Framework (OCSF) and Open Telemetry (OTel) formats, so you can focus on analytics and insights.
https://aws.amazon.com/ru/blogs/aws/amazon-cloudwatch-introduces-unified-data-management-and-analytics-for-operations-security-and-compliance/
(Use VPN to open from Russia)
#aws