CloudSec Wine

🔶 Announcing the EKS Cluster Games Wiz released "The EKS Cluster Games", a cloud security Capture The Flag (CTF) event. The mission? To identify and learn about common Amazon EKS security issues. https://www.wiz.io/blog/announcing-the-eks-cluster-games #aws

🔶🔴 ApatchMe - Authenticated Stored XSS Vulnerability in AWS and GCP Apache Airflow Services Unpatched Apache Airflow instances used in AWS and GCP allow an exploitable stored XSS through the task instance details page. https://www.tenable.com/blog/apatchme-authenticated-stored-xss-vulnerability-in-aws-and-gcp-apache-airflow-services (Use VPN to open from Russia) #aws #gcp

🔴 Migrating to Google Workspace: Solving Email Routing Challenges My firsthand experience with migrating from Cloudflare Email Routing to Google Workspace. https://blog.marcolancini.it/2023/blog-migrate-to-google-workspace/ #gcp

🔶 The deputy is confused about AWS Security Hub The article highlights a potential issue with AWS Security Hub where incorrect AWS account IDs could lead to cross-tenant data pollution, potentially allowing an attacker to pollute someone else's Security Hub. https://blog.plerion.com/the-deputy-is-confused-about-aws-security-hub/ #aws

🔶 CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys PaloAlto analyzes an attack path starting with GitHub IAM exposure and leading to creation of AWS Elastic Compute instances, which TAs used to perform cryptojacking. https://unit42.paloaltonetworks.com/malicious-operations-of-exposed-iam-keys-cryptojacking/ #aws

🔶 AWS Network Firewall egress filtering can be easily bypassed If you are thinking of or are already using AWS Network Firewall to control and filter egress traffic to only allow connections to approved destination sites, you need to read this post, as it may not work as you have thought. https://canglad.com/blog/2023/aws-network-firewall-egress-filtering-can-be-easily-bypassed/ #aws

🔴 Detect transitive access to sensitive Google Cloud resources If a user can successfully authenticate as a service account, they gain access to all the IAM permissions associated with that account. https://p0.dev/blog/transitive-access-gcp #gcp

🔶 Fargate and Cribl (Stream): How We Got It Working The article discusses deploying Cribl using AWS Fargate to manage log data more effectively, outlining an approach to setting up this infrastructure. https://floqast.com/engineering-blog/post/fargate-and-cribl-stream-how-we-got-it-working/ #aws

🔶 Securing attacks targeted at user or kernel level for customer X with KubeArmor & AWS Bottlerock The article outlines how KubeArmor and AWS Bottlerocket enhance security in Kubernetes deployments. KubeArmor aids in blocking unwanted binaries and applying granular controls at the container level, while AWS Bottlerocket fortifies host and worker nodes. https://www.cncf.io/blog/2023/10/26/securing-attacks-targeted-at-user-or-kernel-level-for-customer-x-with-kubearmor-aws-bottlerocket/ #aws

🔷 Exploring the Dark Side of Package Files and Storage Account Abuse How attackers can abuse the Storage Account's connection string to gain unauthorized access to the Function Apps. https://3xpl01tc0d3r.blogspot.com/2023/10/exploring-dark-side-of-package-files.html #azure

🔴 Cloud CISO Perspectives: How boards can help cyber-crisis communications Google Cloud CISO Phil Venables talks about the important (and often undervalued) organizational skill of crisis communications. https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-how-boards-can-help-cyber-crisis-communications/ #gcp

🔶 Terraform AWS Provider: Everything you need to know about Multi-Account Authentication and Configuration Post covering multiple options available to configure the authentication between Terraform and AWS. https://hector-reyesaleman.medium.com/terraform-aws-provider-everything-you-need-to-know-about-multi-account-authentication-and-f2343a4afd4b (Use VPN to open from Russia) #aws

🔷 Everything you need to know about the Microsoft Graph Activity Logs An introduction on the new Graph APIs that can help incident responders close some visibility gaps. https://invictus-ir.medium.com/everything-you-need-to-know-about-the-microsoftgraphactivitylogs-5bd7c158dc1c (Use VPN to open from Russia) #azure

🔶 Adopt Open ID Connect (OIDC) in Terraform for secure multi-account CI/CD to AWS Deploy to AWS with Terraform and GitHub Actions using Open ID Connect (OIDC) and IAM AssumeRoleWithWebIdentity. Say goodbye to IAM users and long-lived credentials. https://hedrange.com/2023/10/07/adopt-open-id-connect-oidc-in-terraform-for-secure-multi-account-ci-cd-to-aws/ #aws

🔶 What Can Go Wrong When an EC2 Instance is Exposed to SSRF New CNAPPgoat scenario makes experimentation easy by triggering calls to AWS service from an EC2 instance exposed to SSRF. https://ermetic.com/blog/cloud/exfiltrated-signed-delivered-what-can-go-wrong-when-an-amazon-elastic-compute-cloud-ec2-instance-is-exposed-to-ssrf/ #aws

🔶 Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack Throughout September 2023, an attacker executed a targeted campaign via Pypi to draw developers using Alibaba cloud services, AWS, and Telegram to their malicious packages. https://checkmarx.com/blog/users-of-telegram-aws-and-alibaba-cloud-targeted-in-latest-supply-chain-attack/ #aws

🔷 Phishing for Primary Refresh Tokens and Windows Hello keys Post describing new techniques to phish for Primary Refresh Tokens, and in some scenarios also deploy passwordless credentials that comply with even the strictest MFA policies. https://dirkjanm.io/phishing-for-microsoft-entra-primary-refresh-tokens/ #azure

🔴 Investigate Service Account Key Origins and Usage with Best Practices Deep dive on investigating service account key origins and usage, including analyzing authentication patterns, monitoring authentication events, and examining service account impersonation and key usage. https://p0.dev/blog/service-account-key-origins #gcp

🔶 Attacking AWS Cognito with Pacu Common problems in AWS Cognito security, as seen in client environments, which would benefit from automated scanning and exploitation. https://rhinosecuritylabs.com/aws/attacking-aws-cognito-with-pacu-p1/ #aws

🔶 Following attackers' (Cloud)trail in AWS: Methodology and findings in the wild Datadog's methodology to proactively identify malicious activity by investigating logs in AWS Cloudtrail. https://securitylabs.datadoghq.com/articles/following-attackers-trail-in-aws-methodology-findings-in-the-wild/ #aws