🔷 Abusing Azure Container Registry Tasks
How one Azure service supporting DevOps can start in a very solid "secure by default" state, but then quickly descend into a very dangerous configured state.
https://posts.specterops.io/abusing-azure-container-registry-tasks-1f407bfaa465
#azure
🔴 Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark
What the CIS Google Cloud Platform Foundation Benchmark offers against 10 of the most common GCP misconfigurations that NCC Group comes across during client assessments.
https://research.nccgroup.com/2022/04/20/mitigating-the-top-10-security-threats-to-gcp-using-the-cis-google-cloud-platform-foundation-benchmark%ef%bf%bc
#gcp
🔶 AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation
Palo Alto Networks' Unit 42 identified severe security issues in AWS's Log4Shell hot patch solutions. The article gives a root cause analysis and an overview of fixes and mitigations.
https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities
#aws
🔴 Where's my stuff on GCP?
In 2018 GCP released Cloud Asset Inventory, which lets you search all of your resources across projects from one place: "$ gcloud asset search-all-resources".
https://medium.com/google-cloud/wheres-my-stuff-on-gcp-4a58badda6cc
#gcp
🔶 Implementing Cloud Governance as a Code using Cloud Custodian
Cloud Custodian enables us to define rules and remediation as one policy to facilitate a well-managed cloud infrastructure.
https://www.infracloud.io/blogs/cloud-governance-code-cloud-custodian
#aws
🔷 "ExtraReplica" - a cross-account database vulnerability in Azure PostgreSQL
Wiz Research has discovered a chain of critical vulnerabilities in the widely used Azure Database for PostgreSQL Flexible Server. Dubbed ExtraReplica, this vulnerability allows unauthorized read access to other customers' PostgreSQL databases, bypassing tenant isolation.
https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql
#azure
🔶 CloudGoat goes Serverless: A walkthrough of Vulnerable Lambda Functions
This post walks through exploiting serverless environments and AWS Lambda functions via the CloudGoat vulnerable_lambda scenario.
https://rhinosecuritylabs.com/cloud-security/cloudgoat-vulnerable-lambda-functions
#aws
🔶 Cloud-Native Ransomware – How attacks on availability leverage cloud services
A whitepaper outlining the paths a malicious actor might take to affect the availability of data using the tools Cloud Service Providers themselves offer, along with architectural patterns that make these systems easier to secure and methods for detecting cloud-native ransomware.
https://content.vectra.ai/rs/748-MCE-447/images/WhitePaper_Cloud_Native_Ransomware.pdf
#aws
🔶 A decade of innovating with AWS Marketplace
An interesting history and overview of AWS Marketplace, which aims to make it easy to buy and deploy software from vendors into your AWS environment, like Snowflake, Databricks, Palo Alto Networks, and more.
https://aws.amazon.com/ru/blogs/awsmarketplace/decade-innovating-aws-marketplace
#aws
🔶 How to control access to AWS resources based on AWS account, OU, or organization
New IAM condition keys to make it simpler to control access across org boundaries: aws:ResourceOrgID, aws:ResourceOrgPaths, and aws:ResourceAccount.
https://aws.amazon.com/blogs/security/how-to-control-access-to-aws-resources-based-on-aws-account-ou-or-organization
#aws
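Added example, not code from the AWS blog post: a Deny statement keyed on aws:ResourceOrgID and a small evaluator showing what happens when the target resource sits in your organization, in another organization, or in no organization at all. The org IDs are made up; the evaluator models only the two string operators it needs.

```python
# Added example (not code from the AWS blog post): a Deny statement keyed on
# aws:ResourceOrgID and a tiny evaluator showing how it behaves when the
# target resource is inside the org, in another org, or in no org at all.
# The org IDs below are made up.

MY_ORG_ID = "o-exampleorgid111"   # assumption: your own organization ID

# Pattern from the post: deny every action on a resource whose owning
# account is not in our organization. aws:ResourceOrgID carries the org ID
# of the account that owns the resource the request is made against.
DENY_OUTSIDE_ORG = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DenyResourcesOutsideMyOrg",
            "Effect": "Deny",
            "Action": "*",
            "Resource": "*",
            "Condition": {
                "StringNotEquals": {"aws:ResourceOrgID": MY_ORG_ID}
            },
        }
    ],
}


def condition_matches(operator, key, expected, context):
    """Evaluate one condition-key test against a request context (dict)."""
    actual = context.get(key)
    if operator == "StringEquals":
        return actual is not None and actual == expected
    if operator == "StringNotEquals":
        # Negated operators match when the key is absent from the request
        # context. aws:ResourceOrgID is only populated for resources owned by
        # an account that belongs to an organization, so a bucket owned by a
        # stand-alone account is denied by this statement too.
        return actual is None or actual != expected
    raise ValueError(f"operator not modelled here: {operator}")


def is_denied(policy, context):
    """True if any Deny statement in the policy applies to the request."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Deny":
            continue
        tests = [
            (op, key, value)
            for op, pairs in stmt.get("Condition", {}).items()
            for key, value in pairs.items()
        ]
        if all(condition_matches(op, k, v, context) for op, k, v in tests):
            return True
    return False


def evaluate_examples():
    """Three request contexts; the keys mimic what IAM would populate."""
    cases = {
        "resource in my org": {"aws:ResourceOrgID": MY_ORG_ID},
        "resource in another org": {"aws:ResourceOrgID": "o-someoneelse2222"},
        "resource in no org": {},  # key absent from the request context
    }
    return {name: is_denied(DENY_OUTSIDE_ORG, ctx) for name, ctx in cases.items()}


if __name__ == "__main__":
    for name, denied in evaluate_examples().items():
        print(f"{name:28s} -> {'DENY' if denied else 'not denied'}")
```

The third case is the one to keep in mind before rolling this out as an SCP: because StringNotEquals matches when the key is missing, resources owned by accounts outside any organization are denied as well, which is usually what you want but will break workloads that legitimately read from such resources.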
🔷 Gaining Unlimited access to graph AuditLogs endpoint using complex filters with non-privileged user account
Another Azure vulnerability: an unprivileged user could craft complex filters on the Microsoft Graph AuditLogs endpoint to read logs that normally require an admin role.
https://securecloud.blog/2022/04/21/microsoft-cloud-security-research-public-disclosure-gaining-unlimited-access-to-graph-auditlogs-endpoint-using-complex-filters-with-non-privileged-user-account
#azure
🔶 Old Services, New Tricks: Cloud Metadata Abuse by UNC2903
Mandiant identified exploitation of public-facing web applications by threat actors (UNC2903) to harvest credentials using Amazon's Instance Metadata Service (IMDS).
https://www.mandiant.com/resources/cloud-metadata-abuse-unc2903
#aws
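Added example, not code or data from the Mandiant report: detection logic that flags web requests trying to reach the EC2 instance metadata service through the application, followed by a check for instances that still accept IMDSv1. The access-log lines and instance inventory are constructed, and the "url" query parameter is an assumption about the vulnerable application.

```python
import re
from urllib.parse import unquote

# Added example (not from the Mandiant report): flag web requests that try to
# reach the EC2 instance metadata service through the application, and list
# instances that still accept IMDSv1. Log lines and instance data are
# constructed; the URL parameter name "url" is an assumption.

# Ways the IMDS endpoint can be written: the decimal and hex forms are the
# same IPv4 address as 169.254.169.254, fd00:ec2::254 is the IPv6 endpoint.
IMDS_HOSTS = ("169.254.169.254", "[fd00:ec2::254]", "2852039166", "0xa9fea9fe")
IMDS_PATHS = ("/latest/meta-data/", "/latest/dynamic/", "/latest/api/token")

REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/')
CLIENT_IP = re.compile(r"^(?P<ip>\S+) ")

# Constructed Apache/nginx combined-format lines; not real traffic.
ACCESS_LOG = [
    '203.0.113.10 - - [20/Apr/2022:10:01:02 +0000] "GET /fetch?url=http://169.254.169.254/latest/meta-data/iam/security-credentials/ HTTP/1.1" 200 512 "-" "curl/7.79.1"',
    '203.0.113.10 - - [20/Apr/2022:10:01:09 +0000] "GET /fetch?url=http%3A%2F%2F169.254.169.254%2Flatest%2Fmeta-data%2Fiam%2Fsecurity-credentials%2Fwebapp-role HTTP/1.1" 200 1330 "-" "curl/7.79.1"',
    '198.51.100.7 - - [20/Apr/2022:10:02:00 +0000] "GET /fetch?url=http://2852039166/latest/meta-data/ HTTP/1.1" 200 300 "-" "python-requests/2.27"',
    '192.0.2.5 - - [20/Apr/2022:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
]


def fully_decoded(target):
    """Undo repeated percent-encoding so an encoded IMDS URL still matches."""
    previous = None
    while previous != target:
        previous, target = target, unquote(target)
    return target.lower()


def imds_indicators(line):
    """Return the reasons a log line looks like an IMDS probe, or []."""
    match = REQUEST_LINE.search(line)
    if not match:
        return []
    target = fully_decoded(match.group("target"))
    reasons = [f"host {h}" for h in IMDS_HOSTS if h in target]
    reasons += [f"path {p}" for p in IMDS_PATHS if p in target]
    return reasons


def scan_access_log(lines):
    """List suspicious requests with the client IP and decoded target."""
    hits = []
    for line in lines:
        reasons = imds_indicators(line)
        if reasons:
            hits.append({
                "client": CLIENT_IP.match(line).group("ip"),
                "target": fully_decoded(REQUEST_LINE.search(line).group("target")),
                "reasons": reasons,
            })
    return hits


# Constructed 'Reservations' list in the shape of `aws ec2 describe-instances`.
RESERVATIONS = [{"Instances": [
    {"InstanceId": "i-0aaa111bbb222ccc3",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "optional", "HttpPutResponseHopLimit": 1}},
    {"InstanceId": "i-0ddd444eee555fff6",
     "MetadataOptions": {"HttpEndpoint": "enabled", "HttpTokens": "required", "HttpPutResponseHopLimit": 1}},
]}]


def instances_allowing_imdsv1(reservations):
    """IDs of instances where a plain GET to IMDS still works (IMDSv1).
    Requiring IMDSv2 (HttpTokens=required) forces a PUT to obtain a session
    token first, which a typical GET-only SSRF cannot perform."""
    weak = []
    for reservation in reservations:
        for inst in reservation.get("Instances", []):
            opts = inst.get("MetadataOptions", {})
            if opts.get("HttpEndpoint") == "disabled":
                continue
            if opts.get("HttpTokens") != "required":
                weak.append(inst["InstanceId"])
    return weak


if __name__ == "__main__":
    for hit in scan_access_log(ACCESS_LOG):
        print(hit["client"], hit["reasons"], hit["target"])
    print("IMDSv1 still allowed on:", instances_allowing_imdsv1(RESERVATIONS))
```

The second and third log lines are the reason the decoder loop and the alternative address forms are there: a single-pass match on the literal string 169.254.169.254 misses both of them.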
🔶 Bottlerocket Security Guidance
Recommendations, details, and examples to help you create a configuration that meets your security and compliance requirements.
https://github.com/bottlerocket-os/bottlerocket/blob/develop/SECURITY_GUIDANCE.md
#aws
🔷 Intelligent application protection from edge to cloud with Azure Web Application Firewall
Microsoft has been evolving Azure Web Application Firewall (Azure WAF), a cloud-native, self-managed security service to protect your applications and APIs running in Azure or anywhere else, from the network edge to the cloud.
https://azure.microsoft.com/en-gb/blog/intelligent-application-protection-from-edge-to-cloud-with-azure-web-application-firewall
#azure
🔶 Tools That Use AWS Logs to Help with Least Privilege
Great overview by Sym's Adam Buggia of resources and tools for creating least-privilege IAM policies. He compares deriving policies from CloudTrail data with designing them from Client Side Monitoring (and the trade-offs of each), and shows how to generate policies for a Terraform project using LocalStack.
https://blog.symops.com/2022/05/06/least-privilege-policies-from-aws-logs
#aws
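Added example, not one of the tools from the Sym post: the CloudTrail-to-policy approach in its simplest form. It reads CloudTrail records, skips failed calls, maps eventSource/eventName to an IAM action, scopes S3 data events to the bucket they touched, and emits one draft policy per principal. The records, account ID, role and bucket names are constructed, and the eventName-to-action override table is an assumption covering only the sample.

```python
import json
from collections import defaultdict

# Added example (not the tools or code from the Sym post): derive a draft
# least-privilege policy per principal from CloudTrail records. The records
# below are constructed (only the fields used here are present); account ID,
# role names and bucket name are made up.

APP_ROLE = "arn:aws:iam::111122223333:role/app-role"


def _assumed_role_event(source, name, **extra):
    rec = {
        "eventSource": source,
        "eventName": name,
        "userIdentity": {
            "type": "AssumedRole",
            "arn": "arn:aws:sts::111122223333:assumed-role/app-role/i-0123456789abcdef0",
            "sessionContext": {"sessionIssuer": {"arn": APP_ROLE}},
        },
    }
    rec.update(extra)
    return rec


CLOUDTRAIL_RECORDS = [
    # S3 data events like GetObject only appear if data-event logging is on.
    _assumed_role_event("s3.amazonaws.com", "GetObject", resources=[
        {"type": "AWS::S3::Object", "ARN": "arn:aws:s3:::app-bucket/data/report.csv"},
        {"type": "AWS::S3::Bucket", "ARN": "arn:aws:s3:::app-bucket"},
    ]),
    _assumed_role_event("s3.amazonaws.com", "ListObjects", resources=[
        {"type": "AWS::S3::Bucket", "ARN": "arn:aws:s3:::app-bucket"},
    ]),
    _assumed_role_event("dynamodb.amazonaws.com", "GetItem"),
    # A failed call: the role tried something it is not allowed to do. It is
    # skipped, otherwise the derived policy would grant it.
    _assumed_role_event("iam.amazonaws.com", "CreateUser", errorCode="AccessDenied"),
    {
        "eventSource": "sts.amazonaws.com",
        "eventName": "GetCallerIdentity",
        "userIdentity": {"type": "IAMUser", "arn": "arn:aws:iam::111122223333:user/alice"},
    },
]

# CloudTrail's eventName is usually, but not always, the IAM action name.
# Known mismatches must be mapped by hand; this table is an assumption that
# covers only the sample above.
EVENT_TO_ACTION = {
    ("s3.amazonaws.com", "ListObjects"): "s3:ListBucket",
    ("s3.amazonaws.com", "ListObjectsV2"): "s3:ListBucket",
}


def iam_action(record):
    key = (record["eventSource"], record["eventName"])
    if key in EVENT_TO_ACTION:
        return EVENT_TO_ACTION[key]
    service = record["eventSource"].split(".")[0]
    return f"{service}:{record['eventName']}"


def principal_arn(record):
    """Attribute assumed-role sessions to the role, not the session ARN."""
    ident = record["userIdentity"]
    if ident.get("type") == "AssumedRole":
        return ident["sessionContext"]["sessionIssuer"]["arn"]
    return ident["arn"]


def resource_arns(record):
    """ARNs from the record's 'resources' field, or '*' if it has none.
    Object ARNs are widened to bucket/* so one observed key does not yield a
    policy that only works for that key (a deliberate choice, not a rule)."""
    arns = set()
    for res in record.get("resources", []):
        arn = res["ARN"]
        if res.get("type") == "AWS::S3::Object":
            arn = arn.split("/", 1)[0] + "/*"
        arns.add(arn)
    return arns or {"*"}


def derive_policies(records):
    usage = defaultdict(lambda: defaultdict(set))  # principal -> action -> ARNs
    for rec in records:
        if rec.get("errorCode"):
            continue
        usage[principal_arn(rec)][iam_action(rec)] |= resource_arns(rec)
    policies = {}
    for principal, actions in usage.items():
        by_resources = defaultdict(set)
        for action, arns in actions.items():
            by_resources[tuple(sorted(arns))].add(action)
        statements = [
            {"Effect": "Allow", "Action": sorted(acts), "Resource": list(arns)}
            for arns, acts in sorted(by_resources.items())
        ]
        policies[principal] = {"Version": "2012-10-17", "Statement": statements}
    return policies


if __name__ == "__main__":
    print(json.dumps(derive_policies(CLOUDTRAIL_RECORDS), indent=2))
```

The output is a starting point, not a finished policy: calls whose records carry no "resources" field (DynamoDB GetItem here) come out with Resource "*" and need scoping by hand, and anything the workload does only occasionally will be missing if the log window is too short.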
🔴 How many of your GCP buckets are publicly accessible? It might be more than you think...
A thorough examination of Google Cloud Platform's (GCP) storage service, how to access buckets, and how to make sure your buckets are configured as intended.
https://blog.lightspin.io/gcp-buckets-publicly-accessible
#gcp
🔷 Azure Synapse Security Advisory - Orca Security
Orca Security issued a security advisory on hazards in the use of the Microsoft Azure Synapse service. It believes the tenant separation in this service is insufficiently robust to protect secrets from other tenants.
https://orca.security/resources/blog/azure-synapse-analytics-security-advisory
#azure
🔶 Security reference architecture for a serverless application
A walkthrough of security controls for a serverless architecture via a demo application.
https://anunay-bhatt.medium.com/security-reference-architecture-for-a-serverless-application-2fcd25b1d5e2
#aws
🔶 Securing AWS Lambda function URLs
Learn about the security risks of misconfigured Lambda function URLs and how to properly secure them.
https://www.wiz.io/blog/securing-aws-lambda-function-urls
#aws
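Added example, not code from the Wiz post: an audit over a constructed inventory of Lambda function URLs. Each entry mimics the AuthType field returned by the Lambda API call get_function_url_config and the Policy string returned by get_policy. It flags URLs that accept unauthenticated requests (AuthType NONE) and, separately, resource policies that hand lambda:InvokeFunctionUrl to every AWS principal even when IAM auth is on. Function names and the account ID are made up.

```python
import json

# Added example (not from the Wiz post): audit a constructed inventory of
# Lambda function URLs. Each entry mimics the fields returned by the Lambda
# API calls get_function_url_config (AuthType) and get_policy (Policy, a
# JSON string, or None when the function has no resource policy).

ACCOUNT = "111122223333"  # assumption: our account ID


def _policy(statements):
    return json.dumps({"Version": "2012-10-17", "Statement": statements})


FUNCTIONS = {
    # Created with auth type NONE; the console adds a public-invoke
    # statement like this one, so anyone on the internet can call the URL.
    "public-webhook": {
        "AuthType": "NONE",
        "Policy": _policy([{
            "Sid": "FunctionURLAllowPublicAccess",
            "Effect": "Allow",
            "Principal": "*",
            "Action": "lambda:InvokeFunctionUrl",
            "Resource": f"arn:aws:lambda:us-east-1:{ACCOUNT}:function:public-webhook",
            "Condition": {"StringEquals": {"lambda:FunctionUrlAuthType": "NONE"}},
        }]),
    },
    # IAM auth, and only one role in our account is allowed to invoke it.
    "internal-api": {
        "AuthType": "AWS_IAM",
        "Policy": _policy([{
            "Effect": "Allow",
            "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT}:role/caller"},
            "Action": "lambda:InvokeFunctionUrl",
            "Resource": f"arn:aws:lambda:us-east-1:{ACCOUNT}:function:internal-api",
        }]),
    },
    # IAM auth, but the resource policy hands InvokeFunctionUrl to every
    # AWS principal, so signed requests from any other account get through.
    "wide-open-iam": {
        "AuthType": "AWS_IAM",
        "Policy": _policy([{
            "Effect": "Allow",
            "Principal": {"AWS": "*"},
            "Action": ["lambda:InvokeFunctionUrl"],
            "Resource": f"arn:aws:lambda:us-east-1:{ACCOUNT}:function:wide-open-iam",
        }]),
    },
    "no-policy": {"AuthType": "AWS_IAM", "Policy": None},
}

INVOKE_ACTIONS = {"lambda:invokefunctionurl", "lambda:*", "*"}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _is_anyone(principal):
    """Principal "*" or {"AWS": "*"} means any AWS principal (and, with
    AuthType NONE, any anonymous caller)."""
    if principal == "*":
        return True
    return isinstance(principal, dict) and "*" in _as_list(principal.get("AWS", []))


def _grants_invoke_to_anyone(policy_json):
    if not policy_json:
        return False
    for stmt in json.loads(policy_json).get("Statement", []):
        if stmt.get("Effect") != "Allow" or not _is_anyone(stmt.get("Principal")):
            continue
        if any(a.lower() in INVOKE_ACTIONS for a in _as_list(stmt.get("Action", []))):
            return True
    return False


def audit_function_urls(functions):
    """Map function name -> list of findings; clean functions are omitted."""
    findings = {}
    for name, cfg in functions.items():
        issues = []
        if cfg["AuthType"] == "NONE":
            issues.append("function URL accepts unauthenticated requests (AuthType NONE)")
        if _grants_invoke_to_anyone(cfg.get("Policy")):
            issues.append("resource policy allows lambda:InvokeFunctionUrl for principal *")
        if issues:
            findings[name] = issues
    return findings


if __name__ == "__main__":
    for name, issues in audit_function_urls(FUNCTIONS).items():
        print(name, "->", "; ".join(issues))
```

Both checks matter: switching AuthType to AWS_IAM is not enough if the resource policy still names "*" as the principal, and the reverse misconfiguration (AuthType NONE without a public-invoke statement) simply returns 403 to everyone.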
🔶 GitHub Actions signing Lambda code
A walkthrough on how to sign AWS Lambda function code built with GitHub Actions.
https://alsmola.medium.com/github-actions-signing-lambda-code-5b7444299b
#aws
🔶 Learning from AWS Customer Security Incidents [2022]
Slides discussing the public catalog of AWS customer security incidents, covering over twenty public breaches. They walk through the technical details of these attacks, establish the common root causes, draw out lessons learned, and show how you can proactively secure your environment against these real-world risks.
https://speakerdeck.com/ramimac/learning-from-aws-customer-security-incidents-2022
#aws