CloudSec Wine

🔶 Elastic and AWS Serverless Application Repository (SAR) How to use the Elastic serverless forwarder, that is published in the AWS Serverless Application Repository (SAR), to simplify log ingestion from S3. https://www.elastic.co/blog/elastic-and-aws-serverless-application-repository-speed-time-to-actionable-insights-with-frictionless-log-ingestion-from-amazon-s3 #aws

🔴 Auditing GKE operations? Configure Data Access audit logs The GKE Admin Activity logs are missing "get" operations on Secret objects by default. So for example, if you store a service account password in your cluster as a Kubernetes secret, a "kubectl get secret service_account_password -o yaml" will get an attacker the entire secret without logging a single line into the audit logs. https://padlock.argh.in/2022/02/10/gke-audit.html #gcp

🔶 A "Safety Net" for AWS Canarytokens AWS Canarytokens are a low-effort, high-fidelity method to detect attackers who have compromised your infrastructure. https://blog.thinkst.com/2022/02/a-safety-net-for-aws-canarytokens.html #aws

🔷 Understanding and Protecting local authentication for Azure services - Part 1 The challenge is to protect service-level (or local) authentication credentials from malicious or unintended use in a way that is manageable at scale. https://davidokeyode.medium.com/understanding-and-protecting-local-authentication-for-azure-services-part-1-e1b308e7b05f #azure

🔶 AWS IAM: Best practices [Part 1] Some approaches on how to manage IAM policies at scale, how these approaches/practices will affect access management and how to include these practices in an existing or new setup. https://www.iampulse.com/articles/aws-iam-best-practices-part-1 #aws

🔶 Ransomware-resistant backups with duplicity and AWS S3 Why you should care about ransomware attacks even for irrelevant internet-connected systems, and how to use duplicity with AWS S3 to create ransomware-resistant backups. https://www.franzoni.eu/ransomware-resistant-backups #aws

🔴 GCP - Specifying an expiry time for user-managed keys It is now (finally!) possible to specify a default expiry for service account keys. https://cloud.google.com/iam/docs/service-accounts#key-expiry #gcp

🔶 Bypassing the AWS WAF protection with an 8KB bullet The AWS WAF and Shield service can be used to protect web applications against a lot of different types of attacks. However, it has a limitation on the size of the packet that it can inspect that could result in attackers being able to bypass its protection features. https://kloudle.com/blog/the-infamous-8kb-aws-waf-request-body-inspection-limitation #aws

🔶 Attack trend alert: AWS-themed credential phishing technique They're at it again. This time attackers are phishing for credentials by sending fake AWS log-in pages to unsuspecting users. https://expel.com/blog/attack-trend-alert-aws-themed-credential-phishing-technique #aws

🔶 Handling Auth in EKS Clusters: Setting Up Kubernetes User Access Using AWS IAM How to get authentication working correctly in EKS from the beginning. https://nextlinklabs.com/insights/handling-authentication-in-EKS-clusters-kubernetes-AWS-IAM #aws

🔶 Handling Auth in EKS Clusters: Setting Up Kubernetes User Access Using AWS IAM How to get authentication working correctly in EKS from the beginning. https://nextlinklabs.com/insights/handling-authentication-in-EKS-clusters-kubernetes-AWS-IAM #aws

🔶 Why you need to update your risky default EMR managed roles and policies Post examining EMR's default roles and managed policies to understand if they follow security best practices of least privileges. https://blog.lightspin.io/why-update-risky-default-emr-managed-roles-and-policies #aws

🔶 Kubernetes protection in Amazon GuardDuty GuardDuty can now monitor Kubernetes clusters within your AWS environment. https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html #aws

🔶 Kubernetes protection in Amazon GuardDuty GuardDuty can now monitor Kubernetes clusters within your AWS environment https://docs.aws.amazon.com/guardduty/latest/ug/kubernetes-protection.html #aws

🔶 Catalog of AWS Customer Security Incidents This repository seeks to index all publicly disclosed AWS customer security incidents with a known root cause. https://github.com/ramimac/aws-customer-security-incidents #aws

🔶 How I Discovered Thousands of Open Databases on AWS A writeup describing the journey on finding and reporting databases with sensitive data about Fortune-500 companies, hospitals, crypto platforms, startups, and more. https://infosecwriteups.com/how-i-discovered-thousands-of-open-databases-on-aws-764729aa7f32 #aws

🔶 Top 10 security best practices for securing backups in AWS This post will guide you through a curated list of the top ten security best practices to secure your backup data and operations in AWS. https://aws.amazon.com/ru/blogs/security/top-10-security-best-practices-for-securing-backups-in-aws/ #aws

🔶 GitHub Actions - Update on OIDC based deployments to AWS If you use OIDC to deploy from Github Action to AWS, update the trusted thumbprint! https://github.blog/changelog/2022-01-13-github-actions-update-on-oidc-based-deployments-to-aws/ #aws

🔴 Creating your first GCP Organization A walk-through for anyone who hasn't yet created their first Google Identity domain for experimentation in GCP. https://www.chrisfarris.com/post/gcp-create-domain/ #gcp

🔶 Vulnerable AWS Lambda function - Initial access in cloud attacks How a vulnerable AWS Lambda function could be used by attackers, and some best practices to mitigate these attacks. https://sysdig.com/blog/exploit-mitigate-aws-lambdas-mitre/ #aws