🔶 Adopt Open ID Connect (OIDC) in Terraform for secure multi-account CI/CD to AWS
Deploy to AWS with Terraform and GitHub Actions using Open ID Connect (OIDC) and IAM AssumeRoleWithWebIdentity. Say goodbye to IAM users and long-lived credentials.
https://hedrange.com/2023/10/07/adopt-open-id-connect-oidc-in-terraform-for-secure-multi-account-ci-cd-to-aws/
#aws
Deploy to AWS with Terraform and GitHub Actions using Open ID Connect (OIDC) and IAM AssumeRoleWithWebIdentity. Say goodbye to IAM users and long-lived credentials.
https://hedrange.com/2023/10/07/adopt-open-id-connect-oidc-in-terraform-for-secure-multi-account-ci-cd-to-aws/
#aws
👍4🔥2❤1
🔷 Everything you need to know about the Microsoft Graph Activity Logs
An introduction on the new Graph APIs that can help incident responders close some visibility gaps.
https://invictus-ir.medium.com/everything-you-need-to-know-about-the-microsoftgraphactivitylogs-5bd7c158dc1c
(Use VPN to open from Russia)
#azure
An introduction on the new Graph APIs that can help incident responders close some visibility gaps.
https://invictus-ir.medium.com/everything-you-need-to-know-about-the-microsoftgraphactivitylogs-5bd7c158dc1c
(Use VPN to open from Russia)
#azure
👍3🔥1😱1
🔶 Terraform AWS Provider: Everything you need to know about Multi-Account Authentication and Configuration
Post covering multiple options available to configure the authentication between Terraform and AWS.
https://hector-reyesaleman.medium.com/terraform-aws-provider-everything-you-need-to-know-about-multi-account-authentication-and-f2343a4afd4b
(Use VPN to open from Russia)
#aws
Post covering multiple options available to configure the authentication between Terraform and AWS.
https://hector-reyesaleman.medium.com/terraform-aws-provider-everything-you-need-to-know-about-multi-account-authentication-and-f2343a4afd4b
(Use VPN to open from Russia)
#aws
👍4❤1🔥1
🔴 Cloud CISO Perspectives: How boards can help cyber-crisis communications
Google Cloud CISO Phil Venables talks about the important (and often undervalued) organizational skill of crisis communications.
https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-boards-can-help-cyber-crisis-communications/
#gcp
Google Cloud CISO Phil Venables talks about the important (and often undervalued) organizational skill of crisis communications.
https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-boards-can-help-cyber-crisis-communications/
#gcp
👍3❤1🔥1
🔷 Exploring the Dark Side of Package Files and Storage Account Abuse
How attackers can abuse the Storage Account's connection string to gain unauthorized access to the Function Apps.
https://3xpl01tc0d3r.blogspot.com/2023/10/exploring-dark-side-of-package-files.html
#azure
How attackers can abuse the Storage Account's connection string to gain unauthorized access to the Function Apps.
https://3xpl01tc0d3r.blogspot.com/2023/10/exploring-dark-side-of-package-files.html
#azure
👍3❤1🔥1
🔶 Securing attacks targeted at user or kernel level for customer X with KubeArmor & AWS Bottlerock
The article outlines how KubeArmor and AWS Bottlerocket enhance security in Kubernetes deployments. KubeArmor aids in blocking unwanted binaries and applying granular controls at the container level, while AWS Bottlerocket fortifies host and worker nodes.
https://www.cncf.io/blog/2023/10/26/securing-attacks-targeted-at-user-or-kernel-level-for-customer-x-with-kubearmor-aws-bottlerocket/
#aws
The article outlines how KubeArmor and AWS Bottlerocket enhance security in Kubernetes deployments. KubeArmor aids in blocking unwanted binaries and applying granular controls at the container level, while AWS Bottlerocket fortifies host and worker nodes.
https://www.cncf.io/blog/2023/10/26/securing-attacks-targeted-at-user-or-kernel-level-for-customer-x-with-kubearmor-aws-bottlerocket/
#aws
👍3🔥2❤1
🔶 Fargate and Cribl (Stream): How We Got It Working
The article discusses deploying Cribl using AWS Fargate to manage log data more effectively, outlining an approach to setting up this infrastructure.
https://floqast.com/engineering-blog/post/fargate-and-cribl-stream-how-we-got-it-working/
#aws
The article discusses deploying Cribl using AWS Fargate to manage log data more effectively, outlining an approach to setting up this infrastructure.
https://floqast.com/engineering-blog/post/fargate-and-cribl-stream-how-we-got-it-working/
#aws
👍3❤1🔥1
🔴 Detect transitive access to sensitive Google Cloud resources
If a user can successfully authenticate as a service account, they gain access to all the IAM permissions associated with that account.
https://p0.dev/blog/transitive-access-gcp
#gcp
If a user can successfully authenticate as a service account, they gain access to all the IAM permissions associated with that account.
https://p0.dev/blog/transitive-access-gcp
#gcp
👍3❤1🔥1
🔶 AWS Network Firewall egress filtering can be easily bypassed
If you are thinking of or are already using AWS Network Firewall to control and filter egress traffic to only allow connections to approved destination sites, you need to read this post, as it may not work as you have thought.
https://canglad.com/blog/2023/aws-network-firewall-egress-filtering-can-be-easily-bypassed/
#aws
If you are thinking of or are already using AWS Network Firewall to control and filter egress traffic to only allow connections to approved destination sites, you need to read this post, as it may not work as you have thought.
https://canglad.com/blog/2023/aws-network-firewall-egress-filtering-can-be-easily-bypassed/
#aws
👍2🔥2😱1
🔶 CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys
PaloAlto analyzes an attack path starting with GitHub IAM exposure and leading to creation of AWS Elastic Compute instances, which TAs used to perform cryptojacking.
https://unit42.paloaltonetworks.com/malicious-operations-of-exposed-iam-keys-cryptojacking/
#aws
PaloAlto analyzes an attack path starting with GitHub IAM exposure and leading to creation of AWS Elastic Compute instances, which TAs used to perform cryptojacking.
https://unit42.paloaltonetworks.com/malicious-operations-of-exposed-iam-keys-cryptojacking/
#aws
👍3🔥1😱1
🔶 The deputy is confused about AWS Security Hub
The article highlights a potential issue with AWS Security Hub where incorrect AWS account IDs could lead to cross-tenant data pollution, potentially allowing an attacker to pollute someone else's Security Hub.
https://blog.plerion.com/the-deputy-is-confused-about-aws-security-hub/
#aws
The article highlights a potential issue with AWS Security Hub where incorrect AWS account IDs could lead to cross-tenant data pollution, potentially allowing an attacker to pollute someone else's Security Hub.
https://blog.plerion.com/the-deputy-is-confused-about-aws-security-hub/
#aws
👍2❤1🔥1
🔴 Migrating to Google Workspace: Solving Email Routing Challenges
My firsthand experience with migrating from Cloudflare Email Routing to Google Workspace.
https://blog.marcolancini.it/2023/blog-migrate-to-google-workspace/
#gcp
My firsthand experience with migrating from Cloudflare Email Routing to Google Workspace.
https://blog.marcolancini.it/2023/blog-migrate-to-google-workspace/
#gcp
👍3❤1🔥1
🔶🔴 ApatchMe - Authenticated Stored XSS Vulnerability in AWS and GCP Apache Airflow Services
Unpatched Apache Airflow instances used in AWS and GCP allow an exploitable stored XSS through the task instance details page.
https://www.tenable.com/blog/apatchme-authenticated-stored-xss-vulnerability-in-aws-and-gcp-apache-airflow-services
(Use VPN to open from Russia)
#aws #gcp
Unpatched Apache Airflow instances used in AWS and GCP allow an exploitable stored XSS through the task instance details page.
https://www.tenable.com/blog/apatchme-authenticated-stored-xss-vulnerability-in-aws-and-gcp-apache-airflow-services
(Use VPN to open from Russia)
#aws #gcp
❤4👍1🔥1
🔶 Announcing the EKS Cluster Games
Wiz released "The EKS Cluster Games", a cloud security Capture The Flag (CTF) event. The mission? To identify and learn about common Amazon EKS security issues.
https://www.wiz.io/blog/announcing-the-eks-cluster-games
#aws
Wiz released "The EKS Cluster Games", a cloud security Capture The Flag (CTF) event. The mission? To identify and learn about common Amazon EKS security issues.
https://www.wiz.io/blog/announcing-the-eks-cluster-games
#aws
🔥3👍2❤1
🔷 Weather Forecast: Money Is Going to Rain from the Cloud
SafeBreach researchers discovered and exploited a billing flaw in Azure Automation Service, enabling free, hidden, and unstoppable cryptocurrency mining using Python noscripts and Runbooks.
https://www.safebreach.com/blog/cryptocurrency-miner-microsoft-azure
#azure
SafeBreach researchers discovered and exploited a billing flaw in Azure Automation Service, enabling free, hidden, and unstoppable cryptocurrency mining using Python noscripts and Runbooks.
https://www.safebreach.com/blog/cryptocurrency-miner-microsoft-azure
#azure
🔥3❤1👍1
🔷 Spoofing Microsoft Entra ID Verified Publisher Status
It was possible to manipulate the consenting process of a legitimate verified publisher application to implant malicious unverified applications within a Microsoft Entra ID tenant.
https://www.secureworks.com/research/spoofing-microsoft-entra-id-verified-publisher-status
#azure
It was possible to manipulate the consenting process of a legitimate verified publisher application to implant malicious unverified applications within a Microsoft Entra ID tenant.
https://www.secureworks.com/research/spoofing-microsoft-entra-id-verified-publisher-status
#azure
👍2❤1🔥1
🔷 The Triforce of Initial Access
The article emphasizes that the success of Red Teaming often hinges on the quality of information (loot) gathered and the effectiveness of the tools used, such as Evilginx, ROADtools, and TeamFiltration, complemented by the Bobber noscript.
https://trustedsec.com/blog/the-triforce-of-initial-access
#azure
The article emphasizes that the success of Red Teaming often hinges on the quality of information (loot) gathered and the effectiveness of the tools used, such as Evilginx, ROADtools, and TeamFiltration, complemented by the Bobber noscript.
https://trustedsec.com/blog/the-triforce-of-initial-access
#azure
👍2🔥2❤1
🔶 How to create an AMI hardening pipeline and automate updates to your ECS instance fleet
How to create a workflow to enhance Amazon ECS-optimized AMIs by using the CIS Docker Benchmark and automatically updating your EC2 instances in your ECS cluster with the newly created AMIs.
https://aws.amazon.com/ru/blogs/security/how-to-create-an-ami-hardening-pipeline-and-automate-updates-to-your-ecs-instance-fleet/
#aws
How to create a workflow to enhance Amazon ECS-optimized AMIs by using the CIS Docker Benchmark and automatically updating your EC2 instances in your ECS cluster with the newly created AMIs.
https://aws.amazon.com/ru/blogs/security/how-to-create-an-ami-hardening-pipeline-and-automate-updates-to-your-ecs-instance-fleet/
#aws
👍3🔥1😱1
🔴 Introducing Advanced Vulnerability Insights for GKE
Artifact Analysis in partnership with Google Kubernetes Engine has introduced a new vulnerability scanning offering called Advanced Vulnerability Insights.
https://cloud.google.com/blog/products/identity-security/introducing-advanced-vulnerability-insights-for-gke
#gcp
Artifact Analysis in partnership with Google Kubernetes Engine has introduced a new vulnerability scanning offering called Advanced Vulnerability Insights.
https://cloud.google.com/blog/products/identity-security/introducing-advanced-vulnerability-insights-for-gke
#gcp
👍4🔥1😱1
🔷 Mistaken Identity: Extracting Managed Identity Credentials from Azure Function Apps
The article discusses a security vulnerability in Azure Function Apps, where Linux containers use an encrypted startup context file that can be decrypted to expose sensitive data, including Managed Identity certificates.
https://www.netspi.com/blog/technical/cloud-penetration-testing/mistaken-identity-azure-function-apps
#azure
The article discusses a security vulnerability in Azure Function Apps, where Linux containers use an encrypted startup context file that can be decrypted to expose sensitive data, including Managed Identity certificates.
https://www.netspi.com/blog/technical/cloud-penetration-testing/mistaken-identity-azure-function-apps
#azure
👍3🔥1😱1