CloudSec Wine

🔴 Google Cloud - Managing Google's Unverified Authentication Library In Google Cloud, Application Default Credentials (ADC) allows your code/applications to automatically find and use credentials. https://akingscote.co.uk/posts/gcloud-unconfigured-third-party-apps/ #gcp

🔴 Streamlined Security: Introducing Network Security Integration Network Security Integration can help you integrate third-party network appliance or service deployments with your Google Cloud workloads. https://cloud.google.com/blog/products/networking/introducing-network-security-integration/ #gcp

🔴 Streamlined Security: Introducing Network Security Integration Network Security Integration can help you integrate third-party network appliance or service deployments with your Google Cloud workloads. https://cloud.google.com/blog/products/networking/introducing-network-security-integration/?utm_source=cloudseclist.com&utm_medium=referral&utm_campaign=CloudSecList-issue-280 #gcp

🔶👩‍💻 AWS CloudWatch log ingestion to Microsoft Sentinel A solution using CloudWatch log subscription filters to stream logs to an S3 bucket via Kinesis Firehose. https://medium.com/@paulschwarzenberger/aws-cloudwatch-log-ingestion-to-microsoft-sentinel-fa5084de41f9 (Use VPN to open from Russia) #aws #azure

👩‍💻 Understanding Elevate Access mechanism, its implementation, and logs where activities are recorded This article aims to provide a deeper technical understanding of the Elevate Access mechanism, including its underlying implementation, the specific logs where activities are recorded, when you DON'T need Elevate Access to get the same permissions, and the practical techniques attackers use to leverage it. https://permiso.io/blog/azures-apex-permissions-elevate-access-the-logs-security-teams-overlook (Use VPN to open from Russia) #azure

👩‍💻 Az-Skywalker Enumerate all secrets in all Azure Key Vaults and Logic Apps across all subscriptions. https://github.com/Az-Skywalker/Az-Skywalker #azure

🔶 Amazon EKS now envelope encrypts all Kubernetes API data by default EKS enables default envelope encryption for all Kubernetes API data in EKS clusters running Kubernetes version 1.28 or higher. https://aws.amazon.com/ru/about-aws/whats-new/2025/03/amazon-eks-envelope-encrypts-kubernetes-api-data-default/ (Use VPN to open from Russia) #aws

🔴 Project Shield makes it easier to sign up, set up, automate DDoS protection Project Shield employs Google Cloud Armor to defend against DDoS attacks with minimal user configuration. https://cloud.google.com/blog/products/identity-security/project-shield-makes-it-easier-to-sign-up-set-up-automate-ddos-protection/ #gcp

🔴 Safer and Multimodal: Responsible AI with Gemma ShieldGemma 2 can detect harmful content in AI models' text and image inputs/outputs, built on Gemma 3 for safer AI development. https://developers.googleblog.com/en/safer-and-multimodal-responsible-ai-with-gemma/ #gcp

👩‍💻 MistakenVMtity: Another cloud image confusion attack Post discussing vulnerabilities in Azure's CLI related to cloud image confusion attacks, similar to those identified last month in AWS. https://onecloudplease.com/blog/mistakenvmtity-another-cloud-image-confusion-attack #azure

🔴 gcp-landing-zone This repository contains the Terraform code necessary to set up a Landing Zone using the Google Cloud Platform (GCP). https://github.com/ollionorg/gcp-landing-zone #gcp

👩‍💻 Disrupting a global cybercrime network abusing generative AI Microsoft is actively fighting against a global cybercrime network known as Storm-2139, which exploits generative AI technologies. https://blogs.microsoft.com/on-the-issues/2025/02/27/disrupting-cybercrime-abusing-gen-ai/ #azure

🔴 Introducing AI Protection: Security for the AI era Google Cloud's new AI Protection safeguards AI workloads and data across clouds and models, no matter the platform. https://cloud.google.com/blog/products/identity-security/introducing-ai-protection-security-for-the-ai-era/ #gcp

🔶 Evaluating AWS Native Approaches for Detecting Suspicious API Calls Three primary approaches: 1) EventBridge → SNS → Email, 2) CloudTrail → S3 → Lambda → SNS → Email, and 3) CloudTrail → CloudWatch → MetricFilter → MetricAlert → SNS → Email. https://medium.com/@adan.alvarez/diy-evaluating-aws-native-approaches-for-detecting-suspicious-api-calls-c6e05de97a49 (Use VPN to open from Russia) #aws

👩‍💻 VaultRecon: An Azure Control Plane/Data Plane Isolation Flaw A vulnerability in Microsoft Azure that allows users with Reader access to expose sensitive metadata about secrets stored in Azure Key Vaults. https://cirriustech.co.uk/blog/azure-vault-recon/ #azure

🔶 From log analysis to rule creation: How AWS Network Firewall automates domain-based security for outbound traffic Post guiding you through the implementation of the AWS Network Firewall automated domain list feature, providing a detailed overview, step-by-step instructions, and best practices to optimize your network security. https://aws.amazon.com/ru/blogs/security/from-log-analysis-to-rule-creation-how-aws-network-firewall-automates-domain-based-security-for-outbound-traffic/ (Use VPN to open from Russia) #aws

🔶 Connect your on-premises Kubernetes cluster to AWS APIs using IAM Roles Anywhere IAM Roles Anywhere enables workloads outside of AWS to access AWS resources by exchanging X.509 bound identities for temporary AWS credentials. https://aws.amazon.com/ru/blogs/security/connect-your-on-premises-kubernetes-cluster-to-aws-apis-using-iam-roles-anywhere/ (Use VPN to open from Russia) #aws

🔴 Inter-VPC connectivity architecture patterns in Cross-Cloud Network How to use Cross-Cloud Network to design inter-network communication architectures with Network Connectivity Center or VPC peering. https://cloud.google.com/blog/products/networking/inter-network-communication-design-with-ncc-vpc-peering/ #gcp

🔴 Finding Malware: Detecting Fake Browser Updates Attacks with Google Security Operations This post dive into Fake Browser Update Attacks, the payloads they deliver, and detection opportunities within the Google SecOps platform. https://www.googlecloudcommunity.com/gc/Community-Blog/Finding-Malware-Detecting-Fake-Browser-Updates-Attacks-with/ba-p/876307 #gcp

🔶 The Risk You Can't Afford to Ignore: AWS SES and Email Spoofing This article discusses AWS SES email spoofing vulnerabilities, potentially enabling phishing attacks. https://badshah.io/aws-ses-and-email-spoofing/ #aws