CloudSec Wine

All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops

Post archive
👩‍💻 How Did Singapore Bypass Your US-Only Conditional Access? Microsoft's geolocation service misidentified the Singapore logins as originating from the Eastern Seaboard (New York, New Jersey, Virginia). https://petrasecurity.substack.com/p/how-did-singapore-bypass-your-us #azure

🔶 Emulating AWS S3 SSE-C Ransom for Threat Detection Article exploring how threat actors leverage Amazon S3's Server-Side Encryption with Customer-Provided Keys (SSE-C) for ransom/extortion operations. https://www.elastic.co/security-labs/emulating-aws-s3-sse-c #aws

🔶 Abusing AWS Serverless Image Handler The AWS solution "Dynamic Image Transformation for Amazon CloudFront", previously known as "AWS Serverless Image Handler", contains a configuration weakness where the role associated with the Lambda does not constrain which buckets can be accessed. The environment variable can be set to a wildcard allowing access to any bucket. https://www.o3c.no/knowledge/abusing-aws-serverless-image-handler #aws

🔶 The Cat Flap - How to really Purrsist in AWS Accounts A playful guide to creating covert backdoors in AWS accounts, specifically using the AWSControlTowerExecution role. https://rootcat.de/blog/thecatflap/ #aws

🔴 jit-groups JIT Groups is an open source application that lets you implement secure, self-service access management for Google Cloud using groups. https://github.com/GoogleCloudPlatform/jit-groups #gcp

🔶 Announcing ASCP integration with Pod Identity: Enhanced security for secrets management in Amazon EKS The integration of ASCP with Pod Identity marks a significant step forward in secrets management for Amazon EKS. It offers enhanced security, simplified configuration, and improved operations. https://aws.amazon.com/ru/blogs/security/announcing-ascp-integration-with-pod-identity-enhanced-security-for-secrets-management-in-amazon-eks/ (Use VPN to open from Russia) #aws

🔶 AWS Tightens the Reins: New AWS SaaS Marketplace Rules Will Impact Your Commitments AWS has announced new rules for its SaaS Marketplace that will significantly affect how customers meet their spend commitments. https://www.duckbillgroup.com/blog/new-aws-marketplace-rules/ #aws

🔶 whoAMI: A cloud image name confusion attack Post detailing the discovery and impact of the whoAMI cloud image name confusion attack, which could allow attackers to execute code within AWS accounts due to a vulnerable pattern in AMI retrieval. https://securitylabs.datadoghq.com/articles/whoami-a-cloud-image-name-confusion-attack/ #aws

👩‍💻 What in the MFA? Deconflicting MFA settings in Microsoft Entra ID Post discussing the challenges of managing multifactor authentication (MFA) settings in Microsoft Entra ID, especially in light of evolving threats. https://www.securesloth.com/home/what-in-the-mfa #azure

🔶 terraform-aws-vulne-soldier This Terraform module consists of the configuration for automating the remediation of AWS EC2 vulnerabilities using AWS Inspector findings. https://github.com/iKnowJavaScript/terraform-aws-vulne-soldier #aws #tools

#BTC 💰⚡️ If some states approve local strategic reserves in #BTC, it will create demand for the first cryptocurrency amounting to $24 billion! So say the folks at the investment firm VanEck. Moreover, the sum does NOT include potential investments by pension funds.
«We analyzed 20 state-level Bitcoin reserve bills. If enacted, they could drive $24 billion in buying, or 247k BTC. This sum is independent of any pension fund allocations, likely to rise if legislators move forward. this $24b number is potentially conservative, given the lack of details (many of these states are «n/a» with size unknown)»
💥 According to Satoshi Action Fund CEO Dennis Porter, Utah may become the first US state to approve such a bill. We are on the verge of a big run to the moon! @cryptohab25

🔶 Implement effective data authorization mechanisms to secure your data used in generative AI applications - part 2 Depending on where the data sits as part of the generative AI application, you will need to use different implementations of data authorization, and there isn't a one-size-fits-all solution. https://aws.amazon.com/ru/blogs/security/implement-effective-data-authorization-mechanisms-to-secure-your-data-used-in-generative-ai-applications-part-2/ (Use VPN to open from Russia) #aws

🔶 How Adversaries Exploit Unmonitored Cloud Regions to Evade Detection This blog explores how unused cloud regions can be abused, the tools that enable such exploits, and strategies to mitigate these risks. https://permiso.io/blog/how-threat-actors-leverage-unsupported-cloud-regions #aws

🔶 RogueOIDC: AWS Persistence and Evasion through attacker-controlled OIDC Identity Provider This research shows what an attacker can achieve after creating a malicious OIDC identity provider in AWS and how they can do it. The article presents novel techniques and tools for persistence and evasion. https://www.offensai.com/blog/rogueoidc-aws-persistence-and-evasion-through-attacker-controlled-oidc-identity-provider (Use VPN to open from Russia) #aws

🔶 CopyObjection: Fending off ransomware in AWS In a compromised AWS environment, adversaries can copy S3 objects, encrypt them, and prevent the victim from recovering the encryption keys. https://redcanary.com/blog/incident-response/aws-ransomware/ #aws

🔶 AWS Firewall Manager retrofitting: Harmonizing central security with application team flexibility Post talking about the benefits of retrofitting and how you can use this feature to allow Firewall Manager to manage existing web ACLs. https://aws.amazon.com/ru/blogs/security/aws-firewall-manager-retrofitting-harmonizing-central-security-with-application-team-flexibility/ (Use VPN to open from Russia) #aws

🔶 Testing and evaluating GuardDuty detections Deep dive into an open source tool for testing GuardDuty findings. https://aws.amazon.com/ru/blogs/security/testing-and-evaluating-guardduty-detections/ #aws

🔴 Introducing Workload Manager custom rules With new Workload Manager custom rules, you can validate your Google Cloud deployments against best practices to help ensure they are compliant. https://cloud.google.com/blog/products/compute/introducing-workload-manager-custom-rules/ #gcp

👩‍💻 Step-by-Step Guide : How to use Temporary Access Pass with internal guest users The guide explains how to use Temporary Access Pass (TAP) with internal guest users in Microsoft Entra ID. TAP is a time-limited passcode designed for single use or multiple sign-ins, enhancing security by enabling passwordless authentication. https://techcommunity.microsoft.com/blog/itopstalkblog/step-by-step-guide--how-to-use-temporary-access-pass-tap-with-internal-guest-use/4365541 #azure

🔶 AWS EKS Access Management & Permissions This post explores the following AWS EKS technologies, and applies them to the context of a real scenario: aws-auth (2018), IRSA (IAM Roles for Service Accounts) (2019), EKS Pod Identities (2023), and EKS Cluster Access Management (2023). https://akingscote.co.uk/posts/aws-eks-access-management/ #aws