CloudSec Wine
All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops
🔷 Intelligent application protection from edge to cloud with Azure Web Application Firewall
Microsoft has been evolving Azure Web Application Firewall (Azure WAF), a cloud-native, self-managed security service to protect your applications and APIs running in Azure or anywhere else, from the network edge to the cloud.
https://azure.microsoft.com/en-gb/blog/intelligent-application-protection-from-edge-to-cloud-with-azure-web-application-firewall
#azure
🔶 Bottlerocket Security Guidance
Recommendations, details, and examples to help you create a configuration that meets your security and compliance requirements.
https://github.com/bottlerocket-os/bottlerocket/blob/develop/SECURITY_GUIDANCE.md
#aws
🔶 Old Services, New Tricks: Cloud Metadata Abuse by UNC2903
Mandiant identified exploitation of public-facing web applications by threat actors (UNC2903) to harvest credentials using Amazon's Instance Metadata Service (IMDS).
https://www.mandiant.com/resources/cloud-metadata-abuse-unc2903
#aws
🔷 Gaining Unlimited access to graph AuditLogs endpoint using complex filters with non-privileged user account
Another Azure vulnerability, this time allowing an unprivileged user to modify Graph search filters so that the user could access audit logs that would normally require admin roles.
https://securecloud.blog/2022/04/21/microsoft-cloud-security-research-public-disclosure-gaining-unlimited-access-to-graph-auditlogs-endpoint-using-complex-filters-with-non-privileged-user-account
#azure
🔶 How to control access to AWS resources based on AWS account, OU, or organization
New IAM condition keys to make it simpler to control access across org boundaries: aws:ResourceOrgID, aws:ResourceOrgPaths, and aws:ResourceAccount.
https://aws.amazon.com/blogs/security/how-to-control-access-to-aws-resources-based-on-aws-account-ou-or-organization
#aws
🔶 A decade of innovating with AWS Marketplace
An interesting history and overview of AWS Marketplace, which aims to make it easy to buy and deploy software from vendors into your AWS environment, like Snowflake, Databricks, Palo Alto Networks, and more.
https://aws.amazon.com/ru/blogs/awsmarketplace/decade-innovating-aws-marketplace
#aws
🔶 Cloud-Native Ransomware – How attacks on availability leverage cloud services
A paper that outlines the paths a malicious actor might take to affect the availability of data using the tools provided by cloud service providers, and that also provides architectural patterns to make securing these systems easier and methods for detecting cloud-native ransomware.
https://content.vectra.ai/rs/748-MCE-447/images/WhitePaper_Cloud_Native_Ransomware.pdf
#aws
🔶 CloudGoat goes Serverless: A walkthrough of Vulnerable Lambda Functions
This post walks through exploiting serverless environments and AWS Lambda functions via the CloudGoat vulnerable_lambda scenario.
https://rhinosecuritylabs.com/cloud-security/cloudgoat-vulnerable-lambda-functions
#aws
🔷 "ExtraReplica" - a cross-account database vulnerability in Azure PostgreSQL
Wiz Research has discovered a chain of critical vulnerabilities in the widely used Azure Database for PostgreSQL Flexible Server. Dubbed ExtraReplica, this vulnerability allows unauthorized read access to other customers' PostgreSQL databases, bypassing tenant isolation.
https://www.wiz.io/blog/wiz-research-discovers-extrareplica-cross-account-database-vulnerability-in-azure-postgresql
#azure
🔶 Implementing Cloud Governance as a Code using Cloud Custodian
Cloud Custodian enables us to define rules and remediation as one policy to facilitate a well-managed cloud infrastructure.
https://www.infracloud.io/blogs/cloud-governance-code-cloud-custodian
#aws
🔴 Where's my stuff on GCP?
In 2018 GCP released a feature called Cloud Asset Inventory. It allows one to search for all your resources globally: "$ gcloud asset search-all-resources".
https://medium.com/google-cloud/wheres-my-stuff-on-gcp-4a58badda6cc
#gcp
🔶 AWS's Log4Shell Hot Patch Vulnerable to Container Escape and Privilege Escalation
Palo Alto Networks (Unit 42) identified severe security issues within the AWS Log4Shell hot patch solutions. This article provides a root cause analysis and an overview of fixes and mitigations.
https://unit42.paloaltonetworks.com/aws-log4shell-hot-patch-vulnerabilities
#aws
🔴 Mitigating the top 10 security threats to GCP using the CIS Google Cloud Platform Foundation Benchmark
What the CIS Google Cloud Platform Foundation Benchmark offers against 10 of the most common GCP misconfigurations that NCC Group comes across during client assessments.
https://research.nccgroup.com/2022/04/20/mitigating-the-top-10-security-threats-to-gcp-using-the-cis-google-cloud-platform-foundation-benchmark
#gcp
🔷 Abusing Azure Container Registry Tasks
How one Azure service supporting DevOps can start in a very solid "secure by default" state, but then quickly descend into a very dangerously configured state.
https://posts.specterops.io/abusing-azure-container-registry-tasks-1f407bfaa465
#azure
🔶 Cross-account role trust policies should trust AWS accounts, not roles
A role trust policy that trusts a specific principal suggests that only that source principal has access to the role, but it does not control access to that source principal itself, so it appears to limit access when it may not.
https://ben11kehoe.medium.com/cross-account-role-trust-policies-should-trust-aws-accounts-not-roles-32737dfeaa03
#aws
🔶 AWS Security Fundamentals
Self-paced course to learn fundamental AWS cloud security concepts, including AWS access control, data encryption methods, and how network access to your AWS infrastructure can be secured.
https://explore.skillbuilder.aws/learn/course/external/view/elearning/48/aws-security-fundamentals-second-edition
#aws
🔶 AWS RDS Vulnerability Leads to AWS Internal Service Credentials
Lightspin's Research Team obtained credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance using the log_fdw extension.
https://blog.lightspin.io/aws-rds-critical-security-vulnerability
#aws
🔷 Abusing Azure Hybrid Workers for Privilege Escalation - Part 2: An Azure PrivSec Story
The NetSPI team recently discovered a set of issues that allows any Azure user with the Subscription Reader role to dump saved credentials and certificates from Automation Accounts. In cases where Run As accounts were used, this allowed for a Reader to Contributor privilege escalation path.
https://www.netspi.com/blog/technical/cloud-penetration-testing/abusing-azure-hybrid-workers-part-2
#azure
🔶 CVE-2022-25165: Privilege Escalation to SYSTEM in AWS VPN Client
The AWS VPN Client application is affected by an arbitrary file write as SYSTEM, which can lead to privilege escalation.
https://rhinosecuritylabs.com/aws/cve-2022-25165-aws-vpn-client
#aws
🔴 Best practices for secure data warehouse in Google Cloud
Introducing a new security blueprint that helps enterprises build a secure data warehouse.
https://cloud.google.com/blog/products/identity-security/best-practices-for-secure-data-warehouse-in-google-cloud
#gcp