🔴 Policy Controller dashboard: Now available for all Anthos and GKE environments
Policy Controller enforces programmable policies for Anthos clusters, which you can manage through the enhanced Policy Controller dashboard.
https://cloud.google.com/blog/products/containers-kubernetes/new-features-and-integrations-for-policy-controller-dashboard
#gcp
🔶 Simplify the Investigation of AWS Security Findings with Amazon Detective
Detective now offers investigation support for findings in AWS Security Hub in addition to those detected by GuardDuty.
https://aws.amazon.com/ru/blogs/aws/new-simplify-the-investigation-of-aws-security-findings-with-amazon-detective
#aws
🔷 Bridging the Security Gap: Mitigating Lateral Movement Risks from On-Premises to Cloud Environments
This blog post discusses lateral movement risks from on-prem to the cloud, explaining attacker TTPs, and outlining best practices for cloud builders and defenders to help secure their cloud environments and mitigate risk.
https://www.wiz.io/blog/lateral-movement-risks-in-the-cloud-and-how-to-prevent-them-part-4-from-compromis
#azure
🔶 Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor
This article describes the attack lifecycle and detection opportunities for a cloud-focused, financially motivated threat actor.
https://permiso.io/blog/s/unmasking-guivil-new-cloud-threat-actor
#aws
🔷 Tampering with Conditional Access Policies Using Azure AD Graph API
Modifications made using AADGraph are not properly logged, endangering integrity and non-repudiation of Azure AD policies.
https://www.secureworks.com/research/tampering-with-conditional-access-policies-using-azure-ad-graph-api
#azure
🔶 Is Cloud Forensics just Log Analysis? Kind Of.
The article discusses the differences between traditional forensics and cloud forensics, highlighting the importance of understanding cloud-specific artifacts and logs.
https://www.cadosecurity.com/is-cloud-forensics-just-log-analysis-kind-of
#aws
🔶 AWS Lambda Function: IAM User Password Expiry Notice
Walk through the necessary steps to set up an AWS Lambda function to email notifications to IAM Users when their AWS Web Console passwords are expiring.
https://blog.jennasrunbooks.com/aws-lambda-function-iam-user-password-expiry-notice-ses-boto3-terraform
#aws
🔴 Google Trust Services ACME API available to all users at no cost
Google now offers general availability of Google Trust Services ACME endpoint allowing anyone to get TLS certificates for their websites for free.
https://security.googleblog.com/2023/05/google-trust-services-acme-api_0503894189.html
#gcp
🔶 Misconfiguration Spotlight: Securing the EC2 Instance Metadata Service
A look at how the EC2 Instance Metadata Service can be taken advantage of.
https://securitylabs.datadoghq.com/articles/misconfiguration-spotlight-imds
#aws
🔶 How to get rid of AWS access keys - Part 1: The easy wins
Learn how to identify unused and unnecessary long-lived IAM User access keys.
https://www.wiz.io/blog/how-to-get-rid-of-aws-access-keys-part-1-the-easy-wins
#aws
🔶 How to choose the right API Gateway auth method
API Gateway supports quite a few authentication and authorization methods, plus, you can always authenticate users inside your endpoint. So, the big question is, how do you choose the right one for your API?
https://theburningmonk.com/2020/06/how-to-choose-the-right-api-gateway-auth-method
#aws
🔶 Detect Anomalies In Our AWS Infrastructure
Low-maintenance Cloud-Based Anomaly Detection System with Bytewax, Redpanda, and AWS.
https://bytewax.io/blog/aws-anomaly-detection
#aws
🔷 OneDrive to Enum Them All
TrustedSec researchers have discovered a OneDrive enumeration vulnerability that could allow an attacker to discover the email addresses of OneDrive users. You can also refer to the companion tool.
https://www.trustedsec.com/blog/onedrive-to-enum-them-all
#azure
🔶 7 lesser-known AWS SSM Document techniques for code execution
A deep dive into AWS SSM Run Command shows that there are multiple documents attackers can use for executing code remotely on EC2 instances.
https://securitycafe.ro/2023/04/19/7-lesser-known-aws-ssm-document-techniques-for-code-execution
#aws
🔶 We reported a security issue in AWS CDK's eks.Cluster component
Two sleuthing SREs uncovered an AWS security issue. Here's how they found it, why it matters, and what you need to do to resolve it.
https://garden.io/blog/aws-security-issue
#aws
🔶 Scaling Authorization with Cedar and OPAL
A practical tutorial to build a comprehensive Cedar-based application authorization system.
https://www.permit.io/blog/scaling-authorization-with-cedar-and-opal
#aws
🔶 Implementing machine-to-machine authentication for services behind an AWS ALB with OIDC
Post delving into the possibilities of enforcing machine-to-machine (m2m) authentication using OIDC (OpenID Connect) at a high level when utilizing an AWS ALB.
https://medium.com/@hettiarachchi.yashodha/enforcing-machine-to-machine-authentication-for-services-behind-an-aws-alb-part-2-e06707e6f366
(use VPN to open from Russia)
#aws
🔶 Messing Around With AWS Batch For Privilege Escalations
How to achieve privilege escalation via misconfigured AWS Batch.
https://blog.doyensec.com/2023/06/13/messing-around-with-aws-batch-for-privilege-escalations.html
#aws
🔶 AWS API Gateway header smuggling and cache confusion
Post diving into two potential security issues identified in AWS API Gateway authorizers.
https://securityblog.omegapoint.se/en/writeup-apigw
#aws
🔶 Spotted: How we discovered Privilege Escalation, missing CloudTrail data and a race condition in AWS Directory Service
A set of bugs in AWS Directory Service. One of them could be used for privilege escalation by an authenticated user with sufficient permissions.
https://cloudar.be/awsblog/spotted-privilege-escalation-in-aws-directory-service
#aws
🔶 AWS Pentest Methodology
A high-level methodology of how one could conduct a penetration test inside the AWS platform.
https://medium.com/@MorattiSec/my-aws-pentest-methodology-14c333b7fb58
(use VPN to open from Russia)
#aws