🔶 How to securely transfer files with presigned URLs
Best practices for generating and distributing presigned URLs, security considerations, and recommendations for monitoring usage and access patterns.
https://aws.amazon.com/ru/blogs/security/how-to-securely-transfer-files-with-presigned-urls/
#aws
🔴 How you can build a FedRAMP High-compliant network with Assured Workloads
Several best practices for securely deploying a network architecture that aligns with FedRAMP High.
https://cloud.google.com/blog/products/identity-security/how-you-can-build-a-fedramp-high-compliant-network-with-assured-workloads/
#gcp
🔶 Simplify risk and compliance assessments with the new common control library in AWS Audit Manager
Audit Manager introduces a common control library that provides common controls with predefined and pre-mapped AWS data sources.
https://aws.amazon.com/ru/blogs/aws/simplify-risk-and-compliance-assessments-with-the-new-common-control-library-in-aws-audit-manager/
#aws
🔴 Introducing GKE Compliance: Maintain clusters and workloads against industry standards
Google announced built-in, fully managed GKE Compliance within GKE posture management.
https://cloud.google.com/blog/products/containers-kubernetes/gke-compliance-reports-on-cluster-and-workload-posture/
#gcp
🔶 Simplify AWS CloudTrail log analysis with natural language query generation in CloudTrail Lake
Streamline compliance and security analysis using natural language query generation. Ask questions like "What errors occurred last month?" and get ready-to-run SQL queries tailored to your needs - no technical expertise required.
https://aws.amazon.com/ru/blogs/aws/simplify-aws-cloudtrail-log-analysis-with-natural-language-query-generation-in-cloudtrail-lake-preview/
(Use VPN to open from Russia)
#aws
🔶 Tales from the cloud trenches: Raiding for AWS vaults, buckets and secrets
Post exploring a campaign targeting AWS Secrets Manager, AWS S3 and AWS S3 Glacier.
https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-raiding-for-vaults-buckets-secrets/
#aws
🔴 The Unauditable, Unmanageable HMAC Keys in Google Cloud
This blog outlines three vulnerabilities arising from how Google Cloud handles user-associated HMAC keys.
https://www.vectra.ai/blog/working-as-intended-the-unauditable-unmanageable-keys-in-google-cloud
#gcp
🔶 How to create a pipeline for hardening Amazon EKS nodes and automate updates
How to enhance the security of managed node groups using a CIS Amazon Linux benchmark for Amazon Linux 2 and Amazon Linux 2023.
https://aws.amazon.com/ru/blogs/security/how-to-create-a-pipeline-for-hardening-amazon-eks-nodes-and-automate-updates/
(Use VPN to open from Russia)
#aws
How to prioritize the riskiest misconfigurations across your multicloud environment from a single dashboard by using Defender CSPM.
https://techcommunity.microsoft.com/t5/microsoft-defender-for-cloud/cloud-security-posture-and-contextualization-across-cloud/ba-p/4161703
#azure
🔶 SaaS tenant isolation with ABAC using AWS STS support for tags in JWT
An alternative approach to implementing tenant isolation with ABAC by using the AWS STS AssumeRoleWithWebIdentity API operation and the https://aws.amazon.com/tags claim in a JSON Web Token (JWT).
https://aws.amazon.com/ru/blogs/security/saas-tenant-isolation-with-abac-using-aws-sts-support-for-tags-in-jwt/
(Use VPN to open from Russia)
#aws
🔶 AWS OIDC Provider Enumeration
A post expanding on Nick Frichette's discovery of enumerable OIDC providers in AWS using the known_aws_accounts dataset.
https://ramimac.me/oidc-provider-enum
#aws
🔶 Publicly Exposed AWS SSM Command Documents
An analysis of the thousands of public SSM Command documents, including identification of secret leakage.
https://ramimac.me/ssm-command-docs
#aws
🔶👩💻 🔴 Attack Paths Into VMs in the Cloud
Virtual machines (VMs) are a significant attack target. Focusing on three major CSPs, this research summarizes the conditions for possible VM attack paths.
https://unit42.paloaltonetworks.com/cloud-virtual-machine-attack-vectors/
#aws #azure #gcp
🔴 New Cloud KMS Autokey can help encrypt your resources quickly and efficiently
Cloud KMS Autokey incorporates recommended practices that can significantly reduce the toil associated with managing your own encryption keys.
https://cloud.google.com/blog/products/identity-security/cloud-kms-autokey-can-help-you-encrypt-resources-quickly-and-efficiently/
#gcp
🔶 Use private key JWT authentication between Amazon Cognito user pools and an OIDC IdP
By redirecting the IdP token endpoint in the Cognito user pool's external OIDC IdP configuration to a route in an API Gateway, you can use Lambda functions to customize the request flow between Cognito and the IdP.
https://aws.amazon.com/ru/blogs/security/use-private-key-jwt-authentication-between-amazon-cognito-user-pools-and-an-oidc-idp/
(Use VPN to open from Russia)
#aws
Azure Policy is a popular service to ensure compliance. But did you know attackers can also leverage it to backdoor cloud resources?
https://securitylabs.datadoghq.com/articles/azure-policy-privilege-escalation/
#azure
🔶 History of Amazon Web Services
A page collecting the history of AWS service announcements and releases.
https://www.awsgeek.com/AWS-History/
#aws
🔴 Announcing expanded Sensitive Data Protection for Cloud Storage
GCP's Sensitive Data Protection (SDP) discovery service now supports Cloud Storage, joining BigQuery, BigLake, and Cloud SQL.
https://cloud.google.com/blog/products/identity-security/announcing-expanded-sensitive-data-protection-for-cloud-storage
#gcp
🔶 Implement an early feedback loop with AWS developer tools to shift security left
How to use AWS CodeCommit to securely host Git repositories, AWS CodePipeline to automate continuous delivery pipelines, AWS CodeBuild to build and test code, and Amazon CodeGuru Reviewer to detect potential code defects.
https://aws.amazon.com/ru/blogs/security/implement-an-early-feedback-loop-with-aws-developer-tools-to-shift-security-left/
(Use VPN to open from Russia)
#aws
🔶 Access AWS services programmatically using trusted identity propagation
With the introduction of trusted identity propagation, applications can now propagate a user's workforce identity from their identity provider (IdP) to applications running in AWS and to storage services backing those applications, such as S3 or Glue.
https://aws.amazon.com/ru/blogs/security/access-aws-services-programmatically-using-trusted-identity-propagation/
(Use VPN to open from Russia)
#aws
🔶 Moving AWS Accounts and OUs Within An Organization - Not So Simple!
This post explores the potential implications of moving an AWS account or OU to another OU within the same Organization, including impacts to SCP policy inheritance, CloudFormation StackSet deployments, IAM policy conditions, RAM shares, and Control Tower enrollments.
https://blog.wut.dev/2024/07/05/moving-aws-accounts-within-organization.html
#aws