CloudSec Wine – Telegram
CloudSec Wine
2.14K subscribers
919 photos
18 files
1.26K links
All about cloud security

Contacts:
@AMark0f
@dvyakimov

About DevSecOps:
@sec_devops
🔴 Cloud Run Security design overview

This article outlines the security features provided by Cloud Run, including automatic TLS encryption, secure communication between services, and integration with Cloud IAM for access control.

https://cloud.google.com/run/docs/securing/security

#gcp
🔶 An AWS IAM Wishlist

A wishlist of AWS IAM feature requests: IAM Authorization Debugging, Mapping of API Calls/IAM Permissions/CloudTrail Events, SCP Audit Mode, SCP for Resources, and API Request Parameters as Condition Keys.

https://www.zeuscloud.io/post/an-aws-iam-wishlist

#aws
🔶🔷 Manage multiple Terraform projects in monorepo

A look at one possible way to organize and manage a monorepo that contains multiple projects and Terraform modules, with deployments spanning multiple targets such as AWS accounts or Azure subscriptions.

https://janik6n.net/posts/manage-multiple-terraform-projects-in-monorepo

#aws #azure
🔴 Google I/O 2023: Making AI more helpful for everyone

A summary of what Google announced at Google I/O 2023.

https://blog.google/technology/ai/google-io-2023-keynote-sundar-pichai

#gcp
🔶 Attacking and securing cloud identities in managed Kubernetes part 1: Amazon EKS

This post provides a deep dive into how Amazon EKS IAM works, and several attack vectors to pivot from an EKS cluster to an AWS environment.

https://securitylabs.datadoghq.com/articles/amazon-eks-attacking-securing-cloud-identities

#aws
🔷 Understanding Azure logging capabilities in depth

Azure includes many technologies that can be used for logging. Microsoft is currently transitioning from the v1 method (the Log Analytics agent, MMA) to the v2 method, the Azure Monitor Agent configured through Data Collection Rules (DCRs).

https://mortenknudsen.net/?p=1433

#azure
🔶 Connecting Block Business Units with AWS API Gateway

How Block enables backend services to securely connect across business unit boundaries using AWS API Gateway.

https://developer.squareup.com/blog/connecting-block-business-units-with-aws-api-gateway/

(Use VPN to open from Russia)

#aws
🔴 Policy Controller dashboard: Now available for all Anthos and GKE environments

Policy Controller enforces programmable policies for Anthos clusters, which you can manage through the enhanced Policy Controller dashboard.

https://cloud.google.com/blog/products/containers-kubernetes/new-features-and-integrations-for-policy-controller-dashboard

#gcp
🔶 Simplify the Investigation of AWS Security Findings with Amazon Detective

Detective now offers investigation support for findings in AWS Security Hub in addition to those detected by GuardDuty.

https://aws.amazon.com/ru/blogs/aws/new-simplify-the-investigation-of-aws-security-findings-with-amazon-detective

#aws
🔷 Bridging the Security Gap: Mitigating Lateral Movement Risks from On-Premises to Cloud Environments

This blog post discusses lateral movement risks from on-prem to the cloud, explaining attacker TTPs, and outlining best practices for cloud builders and defenders to help secure their cloud environments and mitigate risk.

https://www.wiz.io/blog/lateral-movement-risks-in-the-cloud-and-how-to-prevent-them-part-4-from-compromis

#azure
🔶 Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor

This article describes the attack lifecycle and detection opportunities for a cloud-focused, financially motivated threat actor.

https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor

#aws
🔷 Tampering with Conditional Access Policies Using Azure AD Graph API

Modifications made using AADGraph are not properly logged, endangering integrity and non-repudiation of Azure AD policies.

https://www.secureworks.com/research/tampering-with-conditional-access-policies-using-azure-ad-graph-api

#azure
🔶 Is Cloud Forensics just Log Analysis? Kind Of.

The article discusses the differences between traditional forensics and cloud forensics, highlighting the importance of understanding cloud-specific artifacts and logs.

https://www.cadosecurity.com/is-cloud-forensics-just-log-analysis-kind-of

#aws
🔶 AWS Lambda Function: IAM User Password Expiry Notice

A walkthrough of the steps to set up an AWS Lambda function that emails IAM users when their AWS console passwords are about to expire.

https://blog.jennasrunbooks.com/aws-lambda-function-iam-user-password-expiry-notice-ses-boto3-terraform

#aws
🔴 Google Trust Services ACME API available to all users at no cost

Google Trust Services' ACME endpoint is now generally available, allowing anyone to obtain TLS certificates for their websites at no cost.

https://security.googleblog.com/2023/05/google-trust-services-acme-api_0503894189.html

#gcp
🔶 Misconfiguration Spotlight: Securing the EC2 Instance Metadata Service

A look at how the EC2 Instance Metadata Service can be abused when IMDSv1 is left enabled (for example, to steal the instance role's credentials through an SSRF), and how to harden it by requiring IMDSv2.

https://securitylabs.datadoghq.com/articles/misconfiguration-spotlight-imds

#aws
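The check a practitioner wants after reading the post above: which instances still answer IMDSv1 requests, and what the fix call looks like. This is an added example, not code from the Datadog article. It evaluates the `MetadataOptions` block that `DescribeInstances` returns (the sample reservations and instance IDs are constructed), and the optional `scan_and_fix` helper runs the same logic against a real region with boto3.

```python
"""Find EC2 instances that still allow IMDSv1 (HttpTokens=optional) or whose
IMDS hop limit lets containers reach the metadata endpoint, and build the
ModifyInstanceMetadataOptions call that enforces IMDSv2."""

# Constructed DescribeInstances output (same shape as boto3 returns); IDs are made up.
SAMPLE_RESERVATIONS = [
    {"Instances": [
        {"InstanceId": "i-0aaa111", "MetadataOptions": {
            "HttpEndpoint": "enabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0bbb222", "MetadataOptions": {
            "HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 2}},
    ]},
    {"Instances": [
        {"InstanceId": "i-0ccc333", "MetadataOptions": {
            "HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
        {"InstanceId": "i-0ddd444", "MetadataOptions": {
            "HttpEndpoint": "disabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
    ]},
]


def imds_findings(reservations, max_hop_limit=1):
    """Return (instance_id, issue) tuples for instances whose IMDS settings are weak."""
    findings = []
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            iid = inst["InstanceId"]
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") == "disabled":
                continue  # IMDS switched off entirely: nothing to steal from it
            if opts.get("HttpTokens") != "required":
                # IMDSv1 answers plain GETs, so any SSRF or local file-read primitive
                # on the instance can fetch the role credentials.
                findings.append((iid, "IMDSv1 allowed (HttpTokens=optional)"))
            hops = opts.get("HttpPutResponseHopLimit", 1)
            if hops > max_hop_limit:
                # With a hop limit above 1 the IMDSv2 token response can cross a NAT hop,
                # e.g. to containers on a Docker bridge network.
                findings.append((iid, f"hop limit {hops} > {max_hop_limit}"))
    return findings


def remediation_params(instance_id, hop_limit=1):
    """Parameters for ec2.modify_instance_metadata_options() that require IMDSv2
    and stop the token response at the instance's own network hop."""
    return {
        "InstanceId": instance_id,
        "HttpTokens": "required",
        "HttpPutResponseHopLimit": hop_limit,
        "HttpEndpoint": "enabled",
    }


def scan_and_fix(region, apply=False):
    """Run the check against a real region with boto3; modifies instances only when apply=True."""
    import boto3
    ec2 = boto3.client("ec2", region_name=region)
    reservations = [r for page in ec2.get_paginator("describe_instances").paginate()
                    for r in page["Reservations"]]
    findings = imds_findings(reservations)
    for iid, issue in findings:
        print(f"{iid}: {issue}")
        if apply:
            ec2.modify_instance_metadata_options(**remediation_params(iid))
    return findings


if __name__ == "__main__":
    for iid, issue in imds_findings(SAMPLE_RESERVATIONS):
        print(f"{iid}: {issue} -> fix with {remediation_params(iid)}")
```

Before flipping `HttpTokens` to `required` on a fleet, check the `MetadataNoToken` CloudWatch metric for the instances: it counts IMDSv1 calls still being made, so a non-zero value means some workload on that instance will break until it is updated to send tokens. Raise `max_hop_limit` to 2 only where you deliberately need containers to reach IMDS.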
🔶 How to get rid of AWS access keys - Part 1: The easy wins

Learn how to identify unused and unnecessary long-lived IAM User access keys.

https://www.wiz.io/blog/how-to-get-rid-of-aws-access-keys-part-1-the-easy-wins

#aws
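Both the password-expiry Lambda post and the access-keys post above come down to reading the IAM credential report. The following added example (not code from either article) does that offline over a constructed report in the exact column layout of `aws iam get-credential-report`: it flags active access keys that were never used or have not been used for 90 days, and users whose console password rotation (the `password_next_rotation` column IAM derives from the account password policy) is due within 14 days. The account ID, user names, timestamps and both thresholds are made up; `fetch_report` is the only part that talks to AWS.

```python
"""Triage an IAM credential report for stale long-lived access keys and for
console passwords that are about to expire."""
import csv
import io
from datetime import datetime, timedelta, timezone

UNUSED_DAYS = 90        # a key not used in this window is a removal candidate
WARN_BEFORE_DAYS = 14   # notify users this many days before password rotation is due

# Constructed sample report (same columns as the real report); all values are made up.
SAMPLE_REPORT = """\
user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active,access_key_1_active,access_key_1_last_rotated,access_key_1_last_used_date,access_key_1_last_used_region,access_key_1_last_used_service,access_key_2_active,access_key_2_last_rotated,access_key_2_last_used_date,access_key_2_last_used_region,access_key_2_last_used_service,cert_1_active,cert_1_last_rotated,cert_2_active,cert_2_last_rotated
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2023-05-01T09:00:00+00:00,not_supported,not_supported,true,false,N/A,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
alice,arn:aws:iam::123456789012:user/alice,2021-06-01T00:00:00+00:00,true,2023-05-20T08:00:00+00:00,2023-03-03T00:00:00+00:00,2023-06-01T00:00:00+00:00,true,true,2021-06-01T00:00:00+00:00,N/A,N/A,N/A,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
bob,arn:aws:iam::123456789012:user/bob,2022-01-15T00:00:00+00:00,true,2023-05-19T08:00:00+00:00,2023-05-01T00:00:00+00:00,2023-07-30T00:00:00+00:00,false,true,2022-01-15T00:00:00+00:00,2022-11-01T12:00:00+00:00,us-east-1,s3,true,2023-04-01T00:00:00+00:00,2023-05-21T12:00:00+00:00,us-east-1,sts,false,N/A,false,N/A
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2022-03-01T00:00:00+00:00,false,no_information,N/A,N/A,false,true,2023-03-01T00:00:00+00:00,2023-05-21T06:00:00+00:00,eu-west-1,ecr,false,N/A,N/A,N/A,N/A,false,N/A,false,N/A
"""
SAMPLE_NOW = datetime(2023, 5, 22, tzinfo=timezone.utc)  # "today" for the sample data


def _ts(value):
    """Parse a report timestamp; the report uses N/A, no_information and
    not_supported for fields that do not apply."""
    if value in ("N/A", "no_information", "not_supported", ""):
        return None
    return datetime.fromisoformat(value)


def stale_access_keys(report_csv, now=None, unused_days=UNUSED_DAYS):
    """Return (user, key slot, reason) for active keys that were never used or
    have not been used within `unused_days`."""
    now = now or datetime.now(timezone.utc)
    cutoff = now - timedelta(days=unused_days)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row[f"access_key_{slot}_active"] != "true":
                continue
            created = _ts(row[f"access_key_{slot}_last_rotated"])
            last_used = _ts(row[f"access_key_{slot}_last_used_date"])
            if last_used is None:
                # Never used: only stale once the key itself is older than the window,
                # so a key created yesterday for a new pipeline is not flagged.
                if created is not None and created < cutoff:
                    findings.append((row["user"], slot, "never used"))
            elif last_used < cutoff:
                findings.append((row["user"], slot, f"unused since {last_used.date()}"))
    return findings


def expiring_passwords(report_csv, now=None, warn_before_days=WARN_BEFORE_DAYS):
    """Return (user, days left) for console passwords whose next required
    rotation falls within `warn_before_days`; these are the users to email."""
    now = now or datetime.now(timezone.utc)
    horizon = now + timedelta(days=warn_before_days)
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        if row["password_enabled"] != "true":
            continue
        due = _ts(row["password_next_rotation"])  # N/A when the policy has no max age
        if due is not None and due <= horizon:
            findings.append((row["user"], (due - now).days))
    return findings


def fetch_report():
    """Fetch the live report with boto3 (needs iam:GenerateCredentialReport and
    iam:GetCredentialReport). Generation is asynchronous: get_credential_report
    raises CredentialReportNotReadyException until it is done, so poll in real use."""
    import boto3
    iam = boto3.client("iam")
    iam.generate_credential_report()
    return iam.get_credential_report()["Content"].decode()


if __name__ == "__main__":
    report = SAMPLE_REPORT  # replace with fetch_report() to run against a real account
    for user, slot, why in stale_access_keys(report, SAMPLE_NOW):
        print(f"[key] {user} access key {slot}: {why}")
    for user, days in expiring_passwords(report, SAMPLE_NOW):
        print(f"[password] {user}: rotation due in {days} days")
```

In a Lambda, `expiring_passwords` gives the recipient list; sending the mail (SES or otherwise) is left to the caller. Deactivate a stale key (`iam update-access-key --status Inactive`) before deleting it, so that anything that silently depended on it fails loudly while the key can still be re-enabled.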
🔶 How to choose the right API Gateway auth method

API Gateway supports quite a few authentication and authorization methods, plus, you can always authenticate users inside your endpoint. So, the big question is, how do you choose the right one for your API?

https://theburningmonk.com/2020/06/how-to-choose-the-right-api-gateway-auth-method

#aws
🔶 Detect Anomalies In Our AWS Infrastructure

A low-maintenance, cloud-based anomaly detection system built with Bytewax, Redpanda, and AWS.

https://bytewax.io/blog/aws-anomaly-detection

#aws
🔷 OneDrive to Enum Them All

TrustedSec researchers have discovered a OneDrive enumeration vulnerability that could allow an attacker to discover the email addresses of OneDrive users. You can also refer to the companion tool.

https://www.trustedsec.com/blog/onedrive-to-enum-them-all

#azure
🔶 7 lesser-known AWS SSM Document techniques for code execution

A deep dive into AWS SSM Run Command shows that there are multiple documents attackers can use for executing code remotely on EC2 instances.

https://securitycafe.ro/2023/04/19/7-lesser-known-aws-ssm-document-techniques-for-code-execution

#aws
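The detection consequence of the post above is that a rule matching only `AWS-RunShellScript` and `AWS-RunPowerShellScript` misses the other documents that execute code. The following added example (not code from the securitycafe.ro article) runs an allowlist-based check over CloudTrail `SendCommand` records and contrasts it with a naive denylist. The CloudTrail records, the account ID, the `PatchAutomationRole` principal and the expected-document allowlist are all constructed for the example; only `AWS-RunPatchBaseline`, `AWS-UpdateSSMAgent` and `AWS-RunRemoteScript` are real AWS-managed document names.

```python
"""Alert on SSM SendCommand calls whose document or calling principal is outside
an allowlist, instead of matching only the well-known shell-script documents."""
import json

# Hypothetical org-specific allowlists: what automation is expected to run, and who runs it.
EXPECTED_DOCUMENTS = {"AWS-RunPatchBaseline", "AWS-UpdateSSMAgent"}
EXPECTED_PRINCIPALS = {
    "arn:aws:sts::123456789012:assumed-role/PatchAutomationRole/patch-job",
}
# A denylist-only rule, for comparison: it misses every other document that can run code.
NAIVE_DENYLIST = {"AWS-RunShellScript", "AWS-RunPowerShellScript"}

# Constructed records in the shape of a CloudTrail log file; not real events.
SAMPLE_CLOUDTRAIL = """{"Records": [
 {"eventID": "ev-1", "eventTime": "2023-05-20T01:00:00Z", "eventSource": "ssm.amazonaws.com",
  "eventName": "SendCommand", "awsRegion": "eu-west-1",
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::123456789012:assumed-role/PatchAutomationRole/patch-job"},
  "requestParameters": {"documentName": "AWS-RunPatchBaseline", "instanceIds": ["i-0aaa111"],
                        "parameters": {"Operation": ["Install"]}}},
 {"eventID": "ev-2", "eventTime": "2023-05-20T02:13:00Z", "eventSource": "ssm.amazonaws.com",
  "eventName": "SendCommand", "awsRegion": "eu-west-1",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
  "requestParameters": {"documentName": "AWS-RunShellScript", "instanceIds": ["i-0bbb222"],
                        "parameters": {"commands": ["curl http://169.254.169.254/latest/meta-data/iam/security-credentials/"]}}},
 {"eventID": "ev-3", "eventTime": "2023-05-20T02:15:00Z", "eventSource": "ssm.amazonaws.com",
  "eventName": "SendCommand", "awsRegion": "eu-west-1",
  "userIdentity": {"type": "AssumedRole",
                   "arn": "arn:aws:sts::123456789012:assumed-role/PatchAutomationRole/patch-job"},
  "requestParameters": {"documentName": "AWS-RunRemoteScript", "instanceIds": ["i-0bbb222"],
                        "parameters": {"sourceType": ["S3"], "commandLine": ["bash setup.sh"]}}},
 {"eventID": "ev-4", "eventTime": "2023-05-20T02:16:00Z", "eventSource": "ssm.amazonaws.com",
  "eventName": "GetCommandInvocation", "awsRegion": "eu-west-1",
  "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::123456789012:user/alice"},
  "requestParameters": {"commandId": "c-1", "instanceId": "i-0bbb222"}}
]}"""


def parse_cloudtrail(text):
    """CloudTrail log files are a JSON object with a top-level Records array."""
    return json.loads(text)["Records"]


def _principal(event):
    return event.get("userIdentity", {}).get("arn", "unknown")


def detect_unexpected_send_command(events, expected_docs=EXPECTED_DOCUMENTS,
                                   expected_principals=EXPECTED_PRINCIPALS):
    """Return one alert per SendCommand whose document or principal is not allowlisted.
    Each alert keeps the target instances and the reasons so an analyst can triage it."""
    alerts = []
    for ev in events:
        if ev.get("eventSource") != "ssm.amazonaws.com" or ev.get("eventName") != "SendCommand":
            continue
        req = ev.get("requestParameters") or {}
        doc = req.get("documentName", "")
        who = _principal(ev)
        reasons = []
        if doc not in expected_docs:
            reasons.append(f"unexpected document {doc}")
        if who not in expected_principals:
            reasons.append(f"unexpected principal {who}")
        if reasons:
            alerts.append({
                "eventID": ev.get("eventID"),
                "time": ev.get("eventTime"),
                "document": doc,
                "principal": who,
                "targets": req.get("instanceIds", []),
                "parameters": req.get("parameters", {}),
                "reasons": reasons,
            })
    return alerts


def naive_denylist_hits(events):
    """What a document-name denylist catches: the shell-script documents and nothing else."""
    return [ev["eventID"] for ev in events
            if ev.get("eventName") == "SendCommand"
            and (ev.get("requestParameters") or {}).get("documentName") in NAIVE_DENYLIST]


if __name__ == "__main__":
    events = parse_cloudtrail(SAMPLE_CLOUDTRAIL)
    for alert in detect_unexpected_send_command(events):
        print(alert["eventID"], alert["document"], alert["targets"], "; ".join(alert["reasons"]))
    print("denylist would only catch:", naive_denylist_hits(events))
```

On the sample, the denylist sees only `ev-2`; the allowlist also raises `ev-3`, where the legitimate patching role runs `AWS-RunRemoteScript`, which pulls and executes a script from S3 or GitHub. The same allowlist idea applies preventively: scope `ssm:SendCommand` in IAM to the document ARNs your automation actually needs rather than to `*`.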