CloudSec Wine

🔶 How to create a pipeline for hardening Amazon EKS nodes and automate updates How to enhance the security of managed node groups using a CIS Amazon Linux benchmark for Amazon Linux 2 and Amazon Linux 2023. https://aws.amazon.com/ru/blogs/security/how-to-create-a-pipeline-for-hardening-amazon-eks-nodes-and-automate-updates/ (Use VPN to open from Russia) #aws

🔴 The Unauditable, Unmanageable HMAC Keys in Google Cloud This blog outlines three vulnerabilities surfaced from how Google Cloud handles user-associated HMAC keys. https://www.vectra.ai/blog/working-as-intended-the-unauditable-unmanageable-keys-in-google-cloud #gcp

🔶 Tales from the cloud trenches: Raiding for AWS vaults, buckets and secrets Post exploring a campaign targeting AWS Secrets Manager, AWS S3 and AWS S3 Glacier. https://securitylabs.datadoghq.com/articles/tales-from-the-cloud-trenches-raiding-for-vaults-buckets-secrets/ #aws

🔶 Simplify AWS CloudTrail log analysis with natural language query generation in CloudTrail Lake Streamline compliance and security analysis using natural language query generation. Ask questions like "What errors occurred last month?" and get ready-to-run SQL queries tailored to your needs - no technical expertise required. https://aws.amazon.com/ru/blogs/aws/simplify-aws-cloudtrail-log-analysis-with-natural-language-query-generation-in-cloudtrail-lake-preview/ (Use VPN to open from Russia) #aws

🔴 Introducing GKE Compliance: Maintain clusters and workloads against industry standards Google announced built-In, fully managed GKE Compliance within GKE posture management. https://cloud.google.com/blog/products/containers-kubernetes/gke-compliance-reports-on-cluster-and-workload-posture/ #gcp

🔶 Simplify risk and compliance assessments with the new common control library in AWS Audit Manager Audit Manager introduces a common control library that provides common controls with predefined and pre-mapped AWS data sources. https://aws.amazon.com/ru/blogs/aws/simplify-risk-and-compliance-assessments-with-the-new-common-control-library-in-aws-audit-manager/ #aws

🔴 How you can build a FedRAMP High-compliant network with Assured Workloads Several best practices for securely deploying a network architecture that aligns with FedRAMP High. https://cloud.google.com/blog/products/identity-security/how-you-can-build-a-fedramp-high-compliant-network-with-assured-workloads/ #gcp

🔶 How to securely transfer files with presigned URLs Best practices for generating and distributing presigned URLs, security considerations, and recommendations for monitoring usage and access patterns. https://aws.amazon.com/ru/blogs/security/how-to-securely-transfer-files-with-presigned-urls/ #aws

🔴 prel Aan application that temporarily assigns Google Cloud IAM Roles and includes an approval process. https://github.com/lirlia/prel #gcp

👩‍💻 Stormspotter Azure Red Team tool for graphing Azure and Azure Active Directory objects. https://github.com/Azure/Stormspotter #azure

🔶 sustainability-scanner Validate AWS CloudFormation templates against AWS Well-Architected Sustainability Pillar best practices. https://github.com/awslabs/sustainability-scanner #aws

🔶 Amazon CloudWatch Logs announces Live Tail streaming CLI support You can now view your logs interactively in real-time as they're ingested via AWS CLI or programmatically within your own custom dashboards inside or outside of AWS. https://aws.amazon.com/ru/about-aws/whats-new/2024/06/amazon-cloudwatch-logs-announces-live-tail-streaming-cli-support/ #aws

🔶 Things you wish you didn't need to know about S3 S3 is weirder than you think. Make sure you know all the quirks before they turn into vulnerabilities in your AWS infrastructure. https://blog.plerion.com/things-you-wish-you-didnt-need-to-know-about-s3/ #aws

🔶 Accelerate incident response with Amazon Security Lake The first of a two-part series that will demonstrate the value of Amazon Security Lake and how you can use it and other resources to accelerate your incident response (IR) capabilities. https://aws.amazon.com/ru/blogs/security/accelerate-incident-response-with-amazon-security-lake/ #aws

🔶 How Parametric Built Audit Surveillance using AWS Data Lake Architecture How Parametric implemented their Audit Surveillance Data Lake on AWS with purpose-built fully managed analytics services. With this solution, Parametric was able to respond to various audit requests within hours rather than days or weeks. https://aws.amazon.com/ru/blogs/architecture/how-parametric-built-audit-surveillance-using-aws-data-lake-architecture/ #aws

🔴 What's new for the Google Cloud global front end for web delivery and protection A deeper look at how the global front end solution improves the performance, protection, and scalability of their internet-facing web services. https://cloud.google.com/blog/products/networking/recent-enhancements-to-the-global-front-end-solution/ #gcp

🔶 Publicly Exposed AWS Document DB Snapshots Post detailing the research around DocumentDB, and a deep dive on a public exposure impacting millions of customers of a publicly traded company. https://ramimac.me/exposed-docdb #aws

🔶 Non-Production Endpoints as an Attack Surface in AWS Two new archetypes for bypassing AWS CloudTrail through certain non-production endpoints with API actions that access account-level information and through API calls which generate multiple events in CloudTrail. https://securitylabs.datadoghq.com/articles/non-production-endpoints-as-an-attack-surface-in-aws/ #aws

🔴 Holes in Your Bitbucket: Why Your CI/CD Pipeline Is Leaking Secrets Bitbucket Secured Variables can be leaked in your pipeline and expose you to security breaches. https://cloud.google.com/blog/topics/threat-intelligence/bitbucket-pipeline-leaking-secrets #gcp

🔶 AWS Cloud Incident Analysis Query Cheatsheet A cheatsheet for analyzing AWS cloud incidents using CloudTrail with AWS Athena. https://securosis.com/blog/aws-cloud-incident-analysis-query-cheatsheet/ #aws