🔶 Dependency confusion in AWS CodeArtifact

At the time of the finding Code Artifact did not have any features to specify which packages were internal and therefore should not be pulled from public repositories.

https://zego.engineering/dependency-confusion-in-aws-codeartifact-86b9ff68963d?gi=eb56bfabbd85

#aws

🔶 AWS Security by Dylan Shields

An excellent book by software engineer working on Quantum Computing at Amazon Dylan Shields describing that running your systems in the cloud doesn’t automatically make them secure. Learn the tools and new management approaches you need to create secure apps and infrastructure on AWS.

#aws

🔶 Uncomplicate Security for developers using Reference Architectures

Post walking through some of the salient features of a meaningful security reference architecture and the process required to develop one, as well as looking at the challenges that one might expect to face.

https://anunay-bhatt.medium.com/embedding-security-into-sdlc-using-reference-architectures-for-developers-29403c00fb3d

#aws

🔶 Setup GitHub Codespaces with AWS IAM Roles Anywhere

Demonstration of how you could leverage IAM Roles Anywhere to authenticate your GitHub Codespaces.

https://devopstar.com/2022/08/01/github-codespaces-and-iam-roles-anywhere

#aws

🔶🔷🔴 HashiCorp State of Cloud Strategy Survey

Insights from HashiCorp’s 2022 State of Cloud Strategy Survey, commissioned by HashiCorp and conducted by Forrester Consulting. Forrester surveyed more than 1,000 technology practitioners and decision makers from around the world, drawn from random samplings as well as the HashiCorp opt-in contact database.

Some stats that stuck out to us:

1️⃣ 81% of companies are or are planning to use multiple cloud providers
2️⃣ 86% have a centralized function or group responsible for cloud operations or strategy

https://www.hashicorp.com/state-of-the-cloud

#aws #azure #gcp

🔷🔴 The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors

How Wiz Research uncovered multiple related vulnerabilities in PostgreSQL-as-a-Service offerings from GCP, Azure, and others.

https://www.wiz.io/blog/the-cloud-has-an-isolation-problem-postgresql-vulnerabilities

#azure #gcp

🔶 AWS Account Setup and Root User

A guide through the introductory steps to configure contacts for an AWS account & secure the root user.

https://wellarchitectedlabs.com/security/100_labs/100_aws_account_and_root_user

#aws

🔶 How to manage Route53 hosted zones in a multi-account environment

How to manage Route53 hosted zones in a multi-account environment so each account has full authority over its subdomain.

https://theburningmonk.com/2021/05/how-to-manage-route53-hosted-zones-in-a-multi-account-environment

#aws

🔶Granted Approvals - an Open Source Permission Management Framework

"We’ve designed Approvals so that it only has the ability to assign roles to existing users, rather than create new roles or new users. By design, the blast radius of Granted Approvals being compromised is that existing users in your directory could be granted access to roles, rather than external users being created. Better yet — Approvals is deployed as a serverless application which runs in your own AWS account, so Common Fate won’t have access to any data in your Granted Approvals deployment."

https://commonfate.io/blog/granted-approvals-release

#aws

🔶awslabs/assisted-log-enabler-for-aws

Assisted Log Enabler for AWS is for customers who do not have logging turned on for various services, and lack knowledge of best practices and/or how to turn them on.

https://github.com/awslabs/assisted-log-enabler-for-aws

#aws

🔷Automating Insecurity In Azure

Slides of the homonym talk at cloudvillage_dc (on Twitter).

https://notpayloads.blob.core.windows.net/slides/DC-AzureAutomationAccounts.pdf

#azure

🔴 GCP: Monitor IAM role assignments via Log Alerts in GCP

How to create Log alerts in GCP to track specific IAM role assignments.

https://medium.com/google-cloud/audit-iam-role-assignments-in-gcp-through-log-alerts-3bcdf3d7a504

#gcp

🔶Three Guardrails for AWS Lambda

Three guardrails you can put in place around that Lambda code: code signing, function versions and aliases, and Amazon CodeGuru Reviewer.

https://blog.symops.com/2022/08/17/lambda-guardrails

#aws

🔶How to setup geofencing and IP allow-list for Cognito user pool

AWS announced a new feature this week that lets you enable WAF protection for Cognito user pools. And one of the things you can do with this is to implement geo-fencing and IP allow/deny lists.

https://theburningmonk.com/2022/08/how-to-setup-geofencing-and-ip-allow-list-for-cognito-user-pool

#aws

Специальный выпуск Monthly Cloud News, посвященный информационной безопасности в облаке

В беседе Антона Черноусова с Алексеем Миртовым и Евгением Сидоровым окунемся в вопросы терзающие безопасников и разработчиков, ведущих проекты в облаке.

Темы августовского выпуска:

🔹 IT-сотрудники хотят в облака
🔹 Лучше ли безопаснику в облаке?
🔹 Обсудим топ-рисков ИБ в облаках
🔹 Утечки статических Сredentials
🔹 DevSecOps как симбиоз полезных практик для разработки
🔹 Audit Trails и все все все...
🔹 Повышение культуры разработки через обучение ИБ

Регистрируйтесь!

#advertising

🔶How to detect suspicious activity in your AWS account by using private decoy resources

AWS’s Maitreya Ranganath and Mark Keating describe how you can create low-cost private decoy AWS resources in your AWS accounts and configure them to generate alerts when they are accessed.

https://aws.amazon.com/ru/blogs/security/how-to-detect-suspicious-activity-in-your-aws-account-by-using-private-decoy-resources

#aws

🔷Hunt for compromised Azure subscriptions using Microsoft Defender for Cloud Apps

How Microsoft Defender for Cloud Apps data can help hunt and mitigate the risk of compromised subscriptions.

https://techcommunity.microsoft.com/t5/microsoft-365-defender-blog/hunt-for-compromised-azure-subscriptions-using-microsoft/ba-p/3607121

#azure

🔴 Controls to restrict access to individually approved APIs

How to restrict access to individually approved Google APIs using the Organization Policy Service and other network controls.

https://cloud.google.com/architecture/network-controls-limit-access-individually-approved-apis

#gcp

🔶 AWS WAF Fraud Control - Account takeover prevention for Amazon CloudFront

AWS WAF Fraud Control - Account Takeover Prevention protects your application's login page against credential stuffing attacks, brute force attempts, and other anomalous login activities.

https://aws.amazon.com/ru/about-aws/whats-new/2022/08/aws-waf-fraud-control-account-takeover-prevention-cloudfront

#aws

🔴 Announcing Virtual Machine Threat Detection now generally available to Cloud customers

Google announced that Virtual Machine Threat Detection (VMTD) in Security Command Center is now generally available for all Google Cloud customers.

https://cloud.google.com/blog/products/identity-security/introducing-virtual-machine-threat-detection-to-block-critical-threats

#gcp