🔶 Advanced Notice: Amazon S3 will automatically enable S3 Block Public Access and disable access control lists for all new buckets starting in April 2023
Starting in April 2023, S3 will introduce two new default bucket security settings by automatically enabling S3 Block Public Access and disabling S3 access control lists (ACLs) for all new S3 buckets. There is no change for existing buckets.
https://aws.amazon.com/ru/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023
#aws
Starting in April 2023, S3 will introduce two new default bucket security settings by automatically enabling S3 Block Public Access and disabling S3 access control lists (ACLs) for all new S3 buckets. There is no change for existing buckets.
https://aws.amazon.com/ru/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023
#aws
🔥3
🙂 Dear friends,
Happy New Year 2023! 🎅
We wish you success in your personal and career achievements! Stay with us. This year we will continue to delight you with only high-quality content!
#HappyNewYear
Happy New Year 2023! 🎅
We wish you success in your personal and career achievements! Stay with us. This year we will continue to delight you with only high-quality content!
#HappyNewYear
🔥5
🔷 Cross-tenant network bypass in Azure Cognitive Search
How enabling a single vulnerable feature removed the entire network and identity perimeter around internet-isolated Azure Cognitive Search instances.
https://www.mnemonic.io/resources/blog/acsessed-cross-tenant-network-bypass-in-azure-cognitive-search
#azure
How enabling a single vulnerable feature removed the entire network and identity perimeter around internet-isolated Azure Cognitive Search instances.
https://www.mnemonic.io/resources/blog/acsessed-cross-tenant-network-bypass-in-azure-cognitive-search
#azure
🔥3👍2
🔶 Cloud Cred Harvesting Campaign
A credential harvesting campaign targeting cloud infrastructure. The majority of the victim system were running public facing Juptyer Notebooks.
https://permiso.io/blog/s/christmas-cloud-cred-harvesting-campaign
#aws
A credential harvesting campaign targeting cloud infrastructure. The majority of the victim system were running public facing Juptyer Notebooks.
https://permiso.io/blog/s/christmas-cloud-cred-harvesting-campaign
#aws
🔥2
🔷 State of Azure IAM 2022
Azure IAM has seen major growth with 2710 new permissions and 60 new built-in roles added in 2022.
https://davidokeyode.medium.com/state-of-azure-iam-2022-512e66881128
#azure
Azure IAM has seen major growth with 2710 new permissions and 60 new built-in roles added in 2022.
https://davidokeyode.medium.com/state-of-azure-iam-2022-512e66881128
#azure
🔥2
🔶 Cloud penetration testing: Not your typical internal penetration test
A funny post where the author shares the stages of ignorance and awareness they encountered, so to help others progress through the early stages more quickly than they did.
https://sethsec.blogspot.com/2022/12/cloud-penetration-testing-not-your.html?m=1
#aws
A funny post where the author shares the stages of ignorance and awareness they encountered, so to help others progress through the early stages more quickly than they did.
https://sethsec.blogspot.com/2022/12/cloud-penetration-testing-not-your.html?m=1
#aws
🔥2
🔶 Taking The New Secrets Manager Lambda Extension For a Spin
Aquia’s Dakota Riley compares the performance of the Secrets Manager Lambda Extension vs using the SDK directly for secrets retrieval.
https://blog.aquia.us/blog/2023-01-01-secrets-manager-lambda-extension
#aws
Aquia’s Dakota Riley compares the performance of the Secrets Manager Lambda Extension vs using the SDK directly for secrets retrieval.
https://blog.aquia.us/blog/2023-01-01-secrets-manager-lambda-extension
#aws
🔥1
🔶 AWS Phishing: Four Ways
Post looking at some common phishing tactics in AWS: Credential Phishing, Device Authentication Phishing, CloudFormation Stack Phishing, and ACM Email Validation Phishing.
https://ramimac.me/aws-phishing
#aws
Post looking at some common phishing tactics in AWS: Credential Phishing, Device Authentication Phishing, CloudFormation Stack Phishing, and ACM Email Validation Phishing.
https://ramimac.me/aws-phishing
#aws
🔥1
🔶 SES-pionage
What do attackers do with exposed AWS access keys? This blog looks inside AWS SES to give deeper insights into the service, why & how its targeted and how to detect it.
https://permiso.io/blog/s/aws-ses-pionage-detecting-ses-abuse
#aws
What do attackers do with exposed AWS access keys? This blog looks inside AWS SES to give deeper insights into the service, why & how its targeted and how to detect it.
https://permiso.io/blog/s/aws-ses-pionage-detecting-ses-abuse
#aws
🔥2
🔶🔷🔴 Hunting for signs of persistence in the cloud: an IR guide following the CircleCI incident
Learn how to detect malicious persistence techniques in AWS, GCP, and Azure after potential initial compromise, like with the CircleCI incident.
https://www.wiz.io/blog/hunting-for-signs-of-persistence-in-the-cloud-an-ir-guide
#aws #azure #gcp
Learn how to detect malicious persistence techniques in AWS, GCP, and Azure after potential initial compromise, like with the CircleCI incident.
https://www.wiz.io/blog/hunting-for-signs-of-persistence-in-the-cloud-an-ir-guide
#aws #azure #gcp
🔥3
🔶 Detecting Anomalous AWS Sessions From Temporary Credentials - 1 of 2
Learn about short-term access keys (unofficially also known as temporary tokens or temporary credentials) in AWS, and how they can be compromised.
https://www.uptycs.com/blog/detecting-anomalous-aws-sessions-temporary-credentials
#aws
Learn about short-term access keys (unofficially also known as temporary tokens or temporary credentials) in AWS, and how they can be compromised.
https://www.uptycs.com/blog/detecting-anomalous-aws-sessions-temporary-credentials
#aws
🔥4
🔶 Cedar: A new policy language
Cedar is a new language created by AWS to define access permissions using policies, similar to the way IAM policies work today. This post explains both why this language was created and how to author policies with it.
https://onecloudplease.com/blog/cedar-a-new-policy-language
#aws
Cedar is a new language created by AWS to define access permissions using policies, similar to the way IAM policies work today. This post explains both why this language was created and how to author policies with it.
https://onecloudplease.com/blog/cedar-a-new-policy-language
#aws
🔥3
🔴 SSH key injection in Google Cloud Compute Engine
A bug which had the impact of a single-click RCE in a victim user's Compute Engine instance.
https://blog.stazot.com/ssh-key-injection-google-cloud
#gcp
A bug which had the impact of a single-click RCE in a victim user's Compute Engine instance.
https://blog.stazot.com/ssh-key-injection-google-cloud
#gcp
🔥3
🔷 Unauthenticated SSRF Vulnerability on Azure Functions
How the Orca Security team uncovered an SSRF Vulnerability in the Azure Functions app, allowing any unauthenticated user to request any URL by abusing the server.
https://orca.security/resources/blog/ssrf-vulnerabilities-azure-functions-app
#azure
How the Orca Security team uncovered an SSRF Vulnerability in the Azure Functions app, allowing any unauthenticated user to request any URL by abusing the server.
https://orca.security/resources/blog/ssrf-vulnerabilities-azure-functions-app
#azure
🔥3
🔶 AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass
The Datadog Security Research Team identified a method to bypass CloudTrail logging for specific IAM API requests via undocumented APIs. This technique would allow an adversary to perform reconnaissance activities in the IAM service after gaining a foothold in an AWS account, without leaving any trace of their actions in CloudTrail.
https://securitylabs.datadoghq.com/articles/iamadmin-cloudtrail-bypass
#aws
The Datadog Security Research Team identified a method to bypass CloudTrail logging for specific IAM API requests via undocumented APIs. This technique would allow an adversary to perform reconnaissance activities in the IAM service after gaining a foothold in an AWS account, without leaving any trace of their actions in CloudTrail.
https://securitylabs.datadoghq.com/articles/iamadmin-cloudtrail-bypass
#aws
🔥6
🔷 Azure Active Directory Flaw Allowed SAML Persistence
A vulnerability in Azure Active Directory (Azure AD) allowed a user to retain access to a targeted Security Assertion Markup Language (SAML) application.
https://www.secureworks.com/research/azure-active-directory-flaw-allowed-saml-persistence
#azure
A vulnerability in Azure Active Directory (Azure AD) allowed a user to retain access to a targeted Security Assertion Markup Language (SAML) application.
https://www.secureworks.com/research/azure-active-directory-flaw-allowed-saml-persistence
#azure
🔥4
🔷 EmojiDeploy: Smile! Your Azure web service just got RCE’d
A remote code execution vulnerability affecting Azure cloud services and other cloud sovereigns including Function Apps, App Service and Logic Apps.
https://ermetic.com/blog/azure/emojideploy-smile-your-azure-web-service-just-got-rced
#azure
A remote code execution vulnerability affecting Azure cloud services and other cloud sovereigns including Function Apps, App Service and Logic Apps.
https://ermetic.com/blog/azure/emojideploy-smile-your-azure-web-service-just-got-rced
#azure
🔥3
🔶 Tampering User Attributes In AWS Cognito User Pools
Post explaining AWS Cognito User Attributes tampering and introducing a free lab to experiment with.
https://blog.doyensec.com/2023/01/24/tampering-unrestricted-user-attributes-aws-cognito.html
#aws
Post explaining AWS Cognito User Attributes tampering and introducing a free lab to experiment with.
https://blog.doyensec.com/2023/01/24/tampering-unrestricted-user-attributes-aws-cognito.html
#aws
🔥3
🔶🔴 Provisioning Kubernetes clusters on AWS/GCP with Terraform
Learn how you can leverage Terraform and GKE or EKS to provision identical clusters for development, staging and production environments with a single click.
https://learnk8s.io/terraform-gke
#aws #gcp
Learn how you can leverage Terraform and GKE or EKS to provision identical clusters for development, staging and production environments with a single click.
https://learnk8s.io/terraform-gke
#aws #gcp
🔥2
🔶 awslabs/iam-roles-anywhere-session
This package provides an easy way to create a refreshable boto3 Session with AWS Roles Anywhere.
https://github.com/awslabs/iam-roles-anywhere-session
#aws
This package provides an easy way to create a refreshable boto3 Session with AWS Roles Anywhere.
https://github.com/awslabs/iam-roles-anywhere-session
#aws
🔥2
🔴 GoogleCloudPlatform/security-response-automation
Take automated actions on your GCP Security Command Center findings, like:
- Automatically create disk snapshots to enable forensic investigations.
- Revoke IAM grants that violate your desired policy.
- Notify other systems such as PagerDuty, Slack or email.
https://github.com/GoogleCloudPlatform/security-response-automation
#gcp
Take automated actions on your GCP Security Command Center findings, like:
- Automatically create disk snapshots to enable forensic investigations.
- Revoke IAM grants that violate your desired policy.
- Notify other systems such as PagerDuty, Slack or email.
https://github.com/GoogleCloudPlatform/security-response-automation
#gcp
👍1🔥1