🔶 Malware analysis on AWS: Setting up a secure environment
The basic steps to build isolated sandbox environments, robust security controls, and proper monitoring policies to safely analyze malware.
https://aws.amazon.com/ru/blogs/security/malware-analysis-on-aws-setting-up-a-secure-environment/
#aws
The basic steps to build isolated sandbox environments, robust security controls, and proper monitoring policies to safely analyze malware.
https://aws.amazon.com/ru/blogs/security/malware-analysis-on-aws-setting-up-a-secure-environment/
#aws
❤2👍2🔥2
🔶 Introducing AWS Cloud Control API MCP Server
This MCP server allows to create, read, update, delete, and list resources using natural language.
https://aws.amazon.com/ru/blogs/devops/introducing-aws-cloud-control-api-mcp-server-natural-language-infrastructure-management-on-aws/
(Use VPN to open from Russia)
#aws
This MCP server allows to create, read, update, delete, and list resources using natural language.
https://aws.amazon.com/ru/blogs/devops/introducing-aws-cloud-control-api-mcp-server-natural-language-infrastructure-management-on-aws/
(Use VPN to open from Russia)
#aws
🔥2❤1👍1
🔶 Using AWS Certificate Manager as a covert exfiltration mechanism
This article demonstrates how AWS Certificate Manager can be exploited as a data exfiltration mechanism by storing arbitrary data in X.509 certificates' nsComments extension, allowing up to 2MB per certificate.
https://me.costaskou.com/articles/acmfs/
#aws
This article demonstrates how AWS Certificate Manager can be exploited as a data exfiltration mechanism by storing arbitrary data in X.509 certificates' nsComments extension, allowing up to 2MB per certificate.
https://me.costaskou.com/articles/acmfs/
#aws
❤1👍1🔥1
🔶 Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer
Discover how attackers could quietly enumerate AWS resources via Resource Explorer, and how Datadog and AWS worked together to close the visibility gap.
https://securitylabs.datadoghq.com/articles/enumerating-aws-the-quiet-way-cloudtrail-free-discovery-with-resource-explorer/
#aws
Discover how attackers could quietly enumerate AWS resources via Resource Explorer, and how Datadog and AWS worked together to close the visibility gap.
https://securitylabs.datadoghq.com/articles/enumerating-aws-the-quiet-way-cloudtrail-free-discovery-with-resource-explorer/
#aws
❤1👍1🔥1
🔶 Another ECS Privilege Escalation Path
Post covering a privilege escalation vector which relies on using functionality designed for the ECS agent to self-register a compromised EC2 and override a task definition.
https://labs.reversec.com/posts/2025/08/another-ecs-privilege-escalation-path
#aws
Post covering a privilege escalation vector which relies on using functionality designed for the ECS agent to self-register a compromised EC2 and override a task definition.
https://labs.reversec.com/posts/2025/08/another-ecs-privilege-escalation-path
#aws
❤1👍1🔥1
🔴 Now available: Cloud HSM as an encryption key service for Workspace client-side encryption
To help highly-regulated organizations meet their encryption key service obligation, Google is now offering Cloud HSM for Google Workspace CSE customers.
https://cloud.google.com/blog/products/identity-security/introducing-cloud-hsm-as-an-encryption-key-service-for-workspace-cse/
#gcp
To help highly-regulated organizations meet their encryption key service obligation, Google is now offering Cloud HSM for Google Workspace CSE customers.
https://cloud.google.com/blog/products/identity-security/introducing-cloud-hsm-as-an-encryption-key-service-for-workspace-cse/
#gcp
👍2❤1🔥1
🔴 From silos to synergy: New Compliance Manager, now in preview
Google Cloud Compliance Manager, now in preview, can help simplify and enhance how organizations manage security, privacy, and compliance in the cloud.
https://cloud.google.com/blog/products/identity-security/streamline-auditing-compliance-manager-is-now-in-preview/
#gcp
Google Cloud Compliance Manager, now in preview, can help simplify and enhance how organizations manage security, privacy, and compliance in the cloud.
https://cloud.google.com/blog/products/identity-security/streamline-auditing-compliance-manager-is-now-in-preview/
#gcp
❤1👍1🔥1
🔶 AWS CDK and SaaS Provider Takeover
This article details a vulnerability where SaaS providers using AWS CDK bootstrap roles could have their accounts taken over through their own platform due to permissive IAM role trust policies lacking external ID protections.
https://blog.ryanjarv.sh/2025/07/21/saas-provider-takeover.html
#aws
This article details a vulnerability where SaaS providers using AWS CDK bootstrap roles could have their accounts taken over through their own platform due to permissive IAM role trust policies lacking external ID protections.
https://blog.ryanjarv.sh/2025/07/21/saas-provider-takeover.html
#aws
❤1👍1🔥1
🔶 A new type of long-lived key on AWS: Bedrock API keys
AWS has introduced a new type of long-lived key called Bedrock API keys, which are used for authenticating applications. These keys are created through the IAM API and can have an expiration time set, but there's no way to enforce this via IAM policy conditions.
https://www.wiz.io/blog/a-new-type-of-long-lived-key-on-aws-bedrock-api-keys
(Use VPN to open from Russia)
#aws
AWS has introduced a new type of long-lived key called Bedrock API keys, which are used for authenticating applications. These keys are created through the IAM API and can have an expiration time set, but there's no way to enforce this via IAM policy conditions.
https://www.wiz.io/blog/a-new-type-of-long-lived-key-on-aws-bedrock-api-keys
(Use VPN to open from Russia)
#aws
❤2👍1🔥1
🔶 AWS CDK and SaaS Provider Takeover
This article details a vulnerability where SaaS providers using AWS CDK bootstrap roles could have their accounts taken over through their own platform due to permissive IAM role trust policies lacking external ID protections.
https://blog.ryanjarv.sh/2025/07/21/saas-provider-takeover.html
(Use VPN to open from Russia)
#aws
This article details a vulnerability where SaaS providers using AWS CDK bootstrap roles could have their accounts taken over through their own platform due to permissive IAM role trust policies lacking external ID protections.
https://blog.ryanjarv.sh/2025/07/21/saas-provider-takeover.html
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 Simplify multi-tenant encryption with a cost-conscious AWS KMS key strategy
An efficient approach to managing encryption keys in a multi-tenant SaaS environment through centralization, addressing challenges like key proliferation, rising costs, and operational complexity across multiple AWS accounts and services.
https://aws.amazon.com/ru/blogs/architecture/simplify-multi-tenant-encryption-with-a-cost-conscious-aws-kms-key-strategy/
(Use VPN to open from Russia)
#aws
An efficient approach to managing encryption keys in a multi-tenant SaaS environment through centralization, addressing challenges like key proliferation, rising costs, and operational complexity across multiple AWS accounts and services.
https://aws.amazon.com/ru/blogs/architecture/simplify-multi-tenant-encryption-with-a-cost-conscious-aws-kms-key-strategy/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
🔶 Sandboxed to Compromised: Credential Exfiltration Paths in AWS Code Interpreters
The article discusses security vulnerabilities in AWS Code Interpreters, particularly focusing on sandboxed environments, and demonstrates that even sandboxed interpreters can access certain AWS services like S3, and their role credentials can be extracted through the Metadata Service.
https://sonraisecurity.com/blog/sandboxed-to-compromised-new-research-exposes-credential-exfiltration-paths-in-aws-code-interpreters/
(Use VPN to open from Russia)
#aws
The article discusses security vulnerabilities in AWS Code Interpreters, particularly focusing on sandboxed environments, and demonstrates that even sandboxed interpreters can access certain AWS services like S3, and their role credentials can be extracted through the Metadata Service.
https://sonraisecurity.com/blog/sandboxed-to-compromised-new-research-exposes-credential-exfiltration-paths-in-aws-code-interpreters/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
This article details how attackers exploit Entra ID through OAuth consent injection and app backdooring, covering attack flows, MITRE ATT&CK mappings, detection strategies, and prevention methods for maintaining persistence in Azure environments.
https://www.slashid.com/blog/entra-app-backdooring/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍1🔥1
🔶 Use scalable controls to help prevent access from unexpected networks
AWS has introduced three new global condition keys for scalable access controls based on request origin: aws:VpceAccount, aws:VpceOrgPaths, and aws:VpceOrgID.
https://aws.amazon.com/blogs/security/use-scalable-controls-to-help-prevent-access-from-unexpected-networks/
(Use VPN to open from Russia)
#aws
AWS has introduced three new global condition keys for scalable access controls based on request origin: aws:VpceAccount, aws:VpceOrgPaths, and aws:VpceOrgID.
https://aws.amazon.com/blogs/security/use-scalable-controls-to-help-prevent-access-from-unexpected-networks/
(Use VPN to open from Russia)
#aws
❤2👍1🔥1
Although often overlooked, Azure Storage logs can provide invaluable insights for digital forensics, helping investigators reconstruct attacker activity, trace data access patterns, and detect anomalies.
https://techcommunity.microsoft.com/blog/microsoftsecurityexperts/cloud-forensics-why-enabling-microsoft-azure-storage-account-logs-matters/4445723
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔶 AWS Shield network security director (preview)
Use network security director to understand your AWS security configuration and to explore ways to strengthen it.
https://docs.aws.amazon.com/waf/latest/developerguide/nsd-chapter.html
(Use VPN to open from Russia)
#aws
Use network security director to understand your AWS security configuration and to explore ways to strengthen it.
https://docs.aws.amazon.com/waf/latest/developerguide/nsd-chapter.html
(Use VPN to open from Russia)
#aws
👍2🔥1😱1
🔶 From Compromised Keys to Phishing Campaigns: Inside a Cloud Email Service Takeover
Exposed cloud credentials become the launchpad for mass phishing, highlighting email services as a prime target in cloud exploitation campaigns.
https://www.wiz.io/blog/wiz-discovers-cloud-email-abuse-campaign
#aws
Exposed cloud credentials become the launchpad for mass phishing, highlighting email services as a prime target in cloud exploitation campaigns.
https://www.wiz.io/blog/wiz-discovers-cloud-email-abuse-campaign
#aws
❤1👍1🔥1
This article reveals a vulnerability in Microsoft 365 Copilot where users could access files without generating audit log entries by simply asking Copilot to omit file links. Microsoft fixed but chose not to disclose this issue.
https://pistachioapp.com/blog/copilot-broke-your-audit-log
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤1👍1🔥1
🔶🔴 GCP Workload Identity Federation with AWS ECS Tasks
GCP Workload Identity Federation does not support AWS ECS tasks out of the box. Here is why and what you can do about it.
https://agarabhishek.com/posts/gcp-workload-identity-federation-with-aws-ecs-tasks/
#aws #gcp
GCP Workload Identity Federation does not support AWS ECS tasks out of the box. Here is why and what you can do about it.
https://agarabhishek.com/posts/gcp-workload-identity-federation-with-aws-ecs-tasks/
#aws #gcp
❤1👍1🔥1
🔶 Overview of security services available in AWS Dedicated Local Zones
Dedicated Local Zones provide a robust solution for running regulated workloads for all industries, to meet strict data residency and digital sovereignty, integrating services like AWS Nitro System, AWS KMS External Key Store, ACM, AWS Shield, Amazon GuardDuty, Amazon Inspector, and AWS CloudTrail.
https://aws.amazon.com/ru/blogs/security/overview-of-security-services-available-in-aws-dedicated-local-zones/
(Use VPN to open from Russia)
#aws
Dedicated Local Zones provide a robust solution for running regulated workloads for all industries, to meet strict data residency and digital sovereignty, integrating services like AWS Nitro System, AWS KMS External Key Store, ACM, AWS Shield, Amazon GuardDuty, Amazon Inspector, and AWS CloudTrail.
https://aws.amazon.com/ru/blogs/security/overview-of-security-services-available-in-aws-dedicated-local-zones/
(Use VPN to open from Russia)
#aws
❤1👍1🔥1
Multifactor enforcement for Azure Portal sign-ins was rolled out for 100% of Azure tenants in March 2025. Now, Azure is announcing the start of Phase 2 MFA enforcement at the Azure Resource Manager layer, starting October 1, 2025.
https://azure.microsoft.com/en-us/blog/azure-mandatory-multifactor-authentication-phase-2-starting-in-october-2025/
#azure
Please open Telegram to view this post
VIEW IN TELEGRAM
❤2👍1🔥1