CloudSec Wine
All about cloud security

Contacts:
@AMark0f
@dvyakimov

About DevSecOps:
@sec_devops
🔶 2 Critical Cloud Vulnerabilities to Convince You to Move to the Cloud

The Orca Security Research Team wrote about two critical zero-day vulnerabilities affecting AWS: Superglue and BreakingFormation. These vulnerabilities could have allowed unauthorized access to customer data and/or to sensitive code and data within AWS.

https://orca.security/resources/blog/two-critical-cloud-vulnerabilities/

#aws
🔷 Persistence with Azure Policy Guest Configuration

How Azure Policy Guest Configuration can be used to gain persistence in a target environment, and how to detect such an attack as a defender.

https://cloudbrothers.info/en/azure-persistence-azure-policy-guest-configuration/

#azure
🔴 Geofencing a Globally Load Balanced service on GCP using Cloud Armor

How to use Cloud Armor to geofence a website/service running on GCP using Cloud Run, Google Cloud Storage (GCS) and the Global HTTP(S) Load Balancer.

https://medium.com/google-cloud/geofencing-a-globally-load-balanced-service-on-gcp-using-cloud-armor-44099480fd00

#gcp
🔶 Vulnerable AWS Lambda function - Initial access in cloud attacks

How a vulnerable AWS Lambda function could be used by attackers, and some best practices to mitigate these attacks.

https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/

#aws
🔴 Creating your first GCP Organization

A walk-through for anyone who hasn't yet created their first Google Identity domain for experimentation in GCP.

https://www.chrisfarris.com/post/gcp-create-domain/

#gcp
🔶 GitHub Actions - Update on OIDC based deployments to AWS

If you use OIDC to deploy from GitHub Actions to AWS, update the trusted thumbprint!

https://github.blog/changelog/2022-01-13-github-actions-update-on-oidc-based-deployments-to-aws/

#aws
🔶 How I Discovered Thousands of Open Databases on AWS

A write-up describing the journey of finding and reporting databases holding sensitive data about Fortune 500 companies, hospitals, crypto platforms, startups, and more.

https://infosecwriteups.com/how-i-discovered-thousands-of-open-databases-on-aws-764729aa7f32

#aws
🔶 Kubernetes protection in Amazon GuardDuty

GuardDuty can now monitor Kubernetes clusters within your AWS environment.

https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html

#aws
🔶 Why you need to update your risky default EMR managed roles and policies

A post examining EMR's default roles and managed policies to check whether they follow the security best practice of least privilege.

https://blog.lightspin.io/why-update-risky-default-emr-managed-roles-and-policies

#aws
🔶 Bypassing the AWS WAF protection with an 8KB bullet

AWS WAF and Shield can be used to protect web applications against many different types of attacks. However, WAF can inspect only a limited portion of the request body, which could allow attackers to bypass its protection features.

https://kloudle.com/blog/the-infamous-8kb-aws-waf-request-body-inspection-limitation

#aws
🔶 Ransomware-resistant backups with duplicity and AWS S3

Why you should care about ransomware attacks even for seemingly unimportant internet-connected systems, and how to use duplicity with AWS S3 to create ransomware-resistant backups.

https://www.franzoni.eu/ransomware-resistant-backups

#aws
🔶 AWS IAM: Best practices [Part 1]

Some approaches to managing IAM policies at scale, how these approaches affect access management, and how to adopt them in an existing or new setup.

https://www.iampulse.com/articles/aws-iam-best-practices-part-1

#aws
🔷 Understanding and Protecting local authentication for Azure services - Part 1

The challenge is to protect service-level (or local) authentication credentials from malicious or unintended use in a way that is manageable at scale.

https://davidokeyode.medium.com/understanding-and-protecting-local-authentication-for-azure-services-part-1-e1b308e7b05f

#azure