🔶 How DoorDash Secures Data Transfer Between Cloud and On-Premise Data Centers
How DoorDash built a secure data transfer to a new payment processing vendor by establishing a private network link using AWS Direct Connect.
https://doordash.engineering/2022/11/29/how-doordash-secures-data-transfer-between-cloud-and-on-premise-data-centers
#aws
🔶🔷🔴 Detecting Cloud Account Takeover Attacks
The Splunk Threat Research Team shares a closer look at the telemetry available in Azure, AWS and GCP and the options teams have to ingest this data into Splunk.
https://www.splunk.com/en_us/blog/security/detecting-cloud-account-takeover-attacks-threat-research-release-october-2022.html
#aws #azure #gcp
🔴 Google Cloud infrastructure reliability guide
Introduces the building blocks of reliability in Google Cloud, and provides architectural recommendations to design reliable infrastructure for your cloud workloads.
https://cloud.google.com/architecture/infra-reliability-guide
#gcp
🔶 Configuration driven dynamic multi-account CI/CD solution on AWS
Post presenting a configuration driven dynamic CI/CD solution per repository.
https://aws.amazon.com/ru/blogs/devops/configuration-driven-dynamic-multi-account-ci-cd-solution-on-aws
#aws
🔴 How we validated the security controls of our new Confidential Space
A whitepaper demonstrating the level of security review and threat modelling any Google product goes through.
https://cloud.google.com/blog/products/identity-security/how-to-build-a-secure-confidential-space
#gcp
🔶 Prepare for consolidated controls view and consolidated control findings in AWS Security Hub
Security Hub is aiming to release two new features in the first quarter of 2023 that will decouple controls from standards and streamline how you view and receive control findings.
https://aws.amazon.com/ru/blogs/security/prepare-for-consolidated-controls-view-and-consolidated-control-findings-in-aws-security-hub
#aws
🔶 Advanced Notice: Amazon S3 will automatically enable S3 Block Public Access and disable access control lists for all new buckets starting in April 2023
Starting in April 2023, S3 will introduce two new default bucket security settings by automatically enabling S3 Block Public Access and disabling S3 access control lists (ACLs) for all new S3 buckets. There is no change for existing buckets.
https://aws.amazon.com/ru/about-aws/whats-new/2022/12/amazon-s3-automatically-enable-block-public-access-disable-access-control-lists-buckets-april-2023
#aws
Dear friends,
Happy New Year 2023!
We wish you success in your personal and career achievements! Stay with us. This year we will continue to delight you with only high-quality content!
#HappyNewYear
🔷 Cross-tenant network bypass in Azure Cognitive Search
How enabling a single vulnerable feature removed the entire network and identity perimeter around internet-isolated Azure Cognitive Search instances.
https://www.mnemonic.io/resources/blog/acsessed-cross-tenant-network-bypass-in-azure-cognitive-search
#azure
🔶 Cloud Cred Harvesting Campaign
A credential harvesting campaign targeting cloud infrastructure. The majority of the victim systems were running public-facing Jupyter Notebooks.
https://permiso.io/blog/s/christmas-cloud-cred-harvesting-campaign
#aws
🔷 State of Azure IAM 2022
Azure IAM has seen major growth with 2710 new permissions and 60 new built-in roles added in 2022.
https://davidokeyode.medium.com/state-of-azure-iam-2022-512e66881128
#azure
🔶 Cloud penetration testing: Not your typical internal penetration test
A funny post where the author shares the stages of ignorance and awareness they encountered, to help others progress through the early stages more quickly than they did.
https://sethsec.blogspot.com/2022/12/cloud-penetration-testing-not-your.html?m=1
#aws
🔶 Taking The New Secrets Manager Lambda Extension For a Spin
Aquia's Dakota Riley compares the performance of the Secrets Manager Lambda Extension vs using the SDK directly for secrets retrieval.
https://blog.aquia.us/blog/2023-01-01-secrets-manager-lambda-extension
#aws
🔶 AWS Phishing: Four Ways
Post looking at some common phishing tactics in AWS: Credential Phishing, Device Authentication Phishing, CloudFormation Stack Phishing, and ACM Email Validation Phishing.
https://ramimac.me/aws-phishing
#aws
🔶 SES-pionage
What do attackers do with exposed AWS access keys? This blog looks inside AWS SES to give deeper insights into the service, why and how it's targeted, and how to detect it.
https://permiso.io/blog/s/aws-ses-pionage-detecting-ses-abuse
#aws
🔶🔷🔴 Hunting for signs of persistence in the cloud: an IR guide following the CircleCI incident
Learn how to detect malicious persistence techniques in AWS, GCP, and Azure after potential initial compromise, like with the CircleCI incident.
https://www.wiz.io/blog/hunting-for-signs-of-persistence-in-the-cloud-an-ir-guide
#aws #azure #gcp
🔶 Detecting Anomalous AWS Sessions From Temporary Credentials - 1 of 2
Learn about short-term access keys (unofficially also known as temporary tokens or temporary credentials) in AWS, and how they can be compromised.
https://www.uptycs.com/blog/detecting-anomalous-aws-sessions-temporary-credentials
#aws
🔶 Cedar: A new policy language
Cedar is a new language created by AWS to define access permissions using policies, similar to the way IAM policies work today. This post explains both why this language was created and how to author policies with it.
https://onecloudplease.com/blog/cedar-a-new-policy-language
#aws
🔴 SSH key injection in Google Cloud Compute Engine
A bug which had the impact of a single-click RCE in a victim user's Compute Engine instance.
https://blog.stazot.com/ssh-key-injection-google-cloud
#gcp
🔷 Unauthenticated SSRF Vulnerability on Azure Functions
How the Orca Security team uncovered an SSRF Vulnerability in the Azure Functions app, allowing any unauthenticated user to request any URL by abusing the server.
https://orca.security/resources/blog/ssrf-vulnerabilities-azure-functions-app
#azure
🔶 AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass
The Datadog Security Research Team identified a method to bypass CloudTrail logging for specific IAM API requests via undocumented APIs. This technique would allow an adversary to perform reconnaissance activities in the IAM service after gaining a foothold in an AWS account, without leaving any trace of their actions in CloudTrail.
https://securitylabs.datadoghq.com/articles/iamadmin-cloudtrail-bypass
#aws