CloudSec Wine

All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops

Post archive
🔶 Improve security incident response times by using AWS Service Catalog to decentralize security notifications A decentralized approach to security notifications, using a self-service mechanism powered by AWS Service Catalog to enhance response times. https://aws.amazon.com/ru/blogs/security/improve-security-incident-response-times-by-using-aws-service-catalog-to-decentralize-security-notifications/ (Use VPN to open from Russia) #aws

🔶 AWS Launches Improvements for Key Quarantine Policy AWS made improvements to the AWSCompromisedKeyQuarantine policies in order to protect potentially compromised accounts. The changes were based on threat intelligence gathered from attacks being seen in the wild. https://sysdig.com/blog/aws-launches-improvements-for-key-quarantine-policy/ (Use VPN to open from Russia) #aws

🔶 Cloud native incident response in AWS - Part II How to quickly load data and search for interesting events in Athena. https://www.invictus-ir.com/news/cloud-native-incident-response-in-aws---part-ii #aws

🔶 Using Amazon Detective for IAM investigations How to use Detective Investigation and how to interpret and use the information provided from an IAM investigation. https://aws.amazon.com/ru/blogs/security/using-amazon-detective-for-iam-investigations/ (Use VPN to open from Russia) #aws

🔴 Announcing new Confidential Computing updates for even more hardware security options Google announced the GA of several new Confidential Computing options and updates to the Google Cloud attestation service. Here's what's new. https://cloud.google.com/blog/products/identity-security/new-confidential-computing-updates-for-more-hardware-security-options/ #gcp

🔶 AWS: VPC Flow Logs, NAT Gateways, and Kubernetes Pods - a detailed overview Post covering what a NAT Gateway is, what VPC Flow Logs are, and how to use them with Kubernetes. https://itnext.io/aws-vpc-flow-logs-nat-gateways-and-kubernetes-pods-a-detailed-overview-43a6541bcc35 (Use VPN to open from Russia) #aws

🔶 Keep track of AWS user activity with SourceIdentity attribute How to use the SourceIdentity attribute in STS to trace all user activity in AssumeRole sessions back to corporate identities such as usernames or email addresses. https://redcanary.com/blog/threat-detection/aws-sourceidentity/ #aws

🔶 When AI Gets Hijacked: Exploiting Hosted Models for Dark Roleplaying Permiso has found that some attackers are using hijacked LLM infrastructure to power highly inappropriate AI chatbot services. https://permiso.io/blog/exploiting-hosted-models #aws

🔶 Managing identity source transition for AWS IAM Identity Center Post walking through the process of switching from one identity source to another and providing sample code that you can use to assist with the transition. https://aws.amazon.com/ru/blogs/security/managing-identity-source-transition-for-aws-iam-identity-center/ (Use VPN to open from Russia) #aws

🔴 CloudImposer: Executing Code on Millions of Google Servers with a Single Malicious Package Tenable Research discovered a remote code execution (RCE) vulnerability in GCP that could have allowed an attacker to hijack an internal software dependency that Google pre-installs on each Google Cloud Composer pipeline-orchestration tool. https://www.tenable.com/blog/cloudimposer-executing-code-on-millions-of-google-servers-with-a-single-malicious-package #gcp

🔶 Gaining AWS Persistence by Updating a SAML Identity Provider If an attacker has permissions to replace the metadata, they can add a metadata document from an IdP they control. After doing this, they'll be able to assume the roles that trust this identity provider. https://medium.com/@adan.alvarez/gaining-aws-persistence-by-updating-a-saml-identity-provider-ef57ebdc8db5 #aws

👩‍💻 Backdooring Azure Automation Account Packages and Runtime Environments This article explores techniques for backdooring Azure Automation Account packages and runtime environments. It covers creating malicious packages, exploiting package dependencies, and manipulating runtime environments to gain persistent access and execute arbitrary code within Azure Automation Accounts. https://www.netspi.com/blog/technical-blog/cloud-pentesting/backdooring-azure-automation-account-packages-and-runtime-environments/ #azure

🔶 A few notes on AWS Nitro Enclaves: Attack surface Trail of Bits have scrutinized the attack surface of AWS Nitro Enclaves, uncovering potential bugs that could compromise even these hardened environments. https://blog.trailofbits.com/2024/09/24/notes-on-aws-nitro-enclaves-attack-surface/ #aws

👩‍💻 Hidden in Plain Sight: Abusing Entra ID Administrative Units for Sticky Persistence AUs are a useful method for creating scoped Entra ID role assignments. However, this scoping also offers juicy new methods for anyone looking to persist quietly in an Azure tenant. https://securitylabs.datadoghq.com/articles/abusing-entra-id-administrative-units/ #azure

🔴 Transitive Access Abuse - Data Exfiltration via Document AI The Document AI service unintentionally allows users to read any Cloud Storage object in the same project and write to an attacker-controlled location. https://www.vectra.ai/blog/transitive-access-abuse-data-exfiltration-via-document-ai #gcp

👩‍💻 You can Access Private Azure DevOps Repo Data When users create a private fork of a public repository and then commit data to the private fork, all of their private commits are publicly visible. https://trufflesecurity.com/blog/you-can-access-private-azure-devops-repo-data #azure

🔶🔷🔴 Cloud Logging Tips and Tricks Post which reviews different log types and unveils some tricks to optimize logging configuration without straining budgets. https://www.wiz.io/blog/cloud-logging-tips-and-tricks #aws #azure #gcp

🔶 Hacking misconfigured AWS S3 buckets: A complete guide Some of the most common security misconfigurations in AWS S3 buckets. https://blog.intigriti.com/hacking-tools/hacking-misconfigured-aws-s3-buckets-a-complete-guide #aws

🔶 A SaaS provider's guide to securely integrating with customers' AWS accounts An opinionated guide on best practices that these vendors should follow to ensure an appropriate level of security when integrating with customers' AWS environments. https://securitylabs.datadoghq.com/articles/securely-integrating-with-customers-aws-accounts/ #aws