cloud_sec | Unsorted

Telegram-канал cloud_sec - CloudSec Wine

2068

All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops

Subscribe to a channel

CloudSec Wine

👩‍💻 Microsoft expands Zero Trust workshop to cover network, SecOps, and more

Microsoft announced the expansion of the Zero Trust workshop to cover the additional technical pillars of Zero Trust, assisting customers on strategies that may contribute to securing their network, infrastructure, and connecting all these elements with security operations (SecOps).

https://www.microsoft.com/en-us/security/blog/2025/07/09/microsoft-expands-zero-trust-workshop-to-cover-network-secops-and-more/

#azure

Читать полностью…

CloudSec Wine

👩‍💻 Extracting Sensitive Information from Azure Load Testing

The blog discusses techniques for extracting sensitive information from the Azure Load Testing service, which supports Managed Identities for accessing Key Vault entries.

https://www.netspi.com/blog/technical-blog/cloud-pentesting/extracting-sensitive-information-azure-load-testing/

(Use VPN to open from Russia)

#azure

Читать полностью…

CloudSec Wine

👩‍💻 When Backups Open Backdoors: Accessing Sensitive Cloud Data via «Synology Active Backup for Microsoft 365»

A leaked credential allowed anyone unauthorized access to all Microsoft tenants of organizations that use Synology's «Active Backup for Microsoft 365» (ABM).

https://modzero.com/en/blog/when-backups-open-backdoors-synology-active-backup-m365/

(Use VPN to open from Russia)

#azure

Читать полностью…

CloudSec Wine

👩‍💻 Requesting Entra ID Tokens with Entra ID SSO Cookies

How to use a browser SSO cookie to request Entra ID OAuth tokens and enumerate a target tenant. This technique is useful when a device is not joined to an Entra ID tenant.

https://specterops.io/blog/2025/06/27/requesting-entra-id-tokens-with-entra-id-sso-cookies/

#azure

Читать полностью…

CloudSec Wine

🔶 The Future of Threat Emulation: Building AI Agents that Hunt Like Cloud Adversaries

Exploring the breakthrough potential and emerging risks of AI agents that can autonomously discover and exploit complex AWS attack chains.

https://www.offensai.com/blog/the-future-of-threat-emulation-building-ai-agents-that-hunt-like-cloud-adversaries

#aws

Читать полностью…

CloudSec Wine

🔶 JA3 and JA4 Fingerprints in AWS WAF and Beyond

This article discusses JA3 and JA4 fingerprints, including how they can be useful across cloud services, and how to use them with AWS WAF.

https://engineering.doit.com/ja3-ja4-fingerprints-aws-waf-e2d18dca198a

(Use VPN to open from Russia)

#aws

Читать полностью…

CloudSec Wine

🔶 Unify your security with the new AWS Security Hub for risk prioritization and response at scale

Amazon announced the preview release of the new AWS Security Hub which offers additional correlation, contextualization, and visualization capabilities.

https://aws.amazon.com/ru/blogs/aws/unify-your-security-with-the-new-aws-security-hub-for-risk-prioritization-and-response-at-scale-preview/

(Use VPN to open from Russia)

#aws

Читать полностью…

CloudSec Wine

🔶 Amazon GuardDuty expands Extended Threat Detection coverage to Amazon EKS clusters

GuardDuty Extended Threat Detection introduces a new critical severity finding type, which automatically correlates security signals across Amazon EKS audit logs, runtime behaviors of processes associated with EKS clusters, malware execution in EKS clusters, and AWS API activity to identify sophisticated attack patterns that might otherwise go unnoticed.

https://aws.amazon.com/ru/blogs/aws/amazon-guardduty-expands-extended-threat-detection-coverage-to-amazon-eks-clusters/

(Use VPN to open from Russia)

#aws

Читать полностью…

CloudSec Wine

🔶 Securing Amazon Redshift

How to manage access in Amazon Redshift, focusing on best practices for security.

https://dev.to/awscommunity-asean/securing-amazon-redshift-best-practices-for-access-control-15l6

#aws

Читать полностью…

CloudSec Wine

🔶 Introducing AWS API models and publicly available resources for AWS API definitions

AWS now provides daily updates of Smithy API models on GitHub, enabling developers to build custom SDK clients, understand AWS API behaviors, and create developer tools for better AWS service integration.

https://aws.amazon.com/ru/blogs/aws/introducing-aws-api-models-and-publicly-available-resources-for-aws-api-definitions/

(Use VPN to open from Russia)

#aws

Читать полностью…

CloudSec Wine

🔶 Roles Here? Roles There? Roles Anywhere: Exploring the Security of AWS IAM Roles Anywhere

This examination of the AWS Roles Anywhere service looks at potential risks, analyzed from both defender and attacker perspectives.

https://unit42.paloaltonetworks.com/aws-roles-anywhere/

#aws

Читать полностью…

CloudSec Wine

🔶 Implementing just-in-time privileged access to AWS with Microsoft Entra and AWS IAM Identity Center

By using security groups in Entra and mapping them to permission sets in IAM Identity Center, you can automate the provisioning and deprovisioning of privileged access based on defined policies and approval workflows.

https://aws.amazon.com/ru/blogs/security/implementing-just-in-time-privileged-access-to-aws-with-microsoft-entra-and-aws-iam-identity-center/

#aws

Читать полностью…

CloudSec Wine

👩‍💻 Lost in Resolution: Azure OpenAI's DNS Resolution Issue

Unit 42 researchers discovered an issue with Azure OpenAI's Domain Name System (DNS) resolution logic that could have enabled cross-tenant data leaks and meddler-in-the-middle (MitM) attacks.

https://unit42.paloaltonetworks.com/azure-openai-dns-resolution/

#azure

Читать полностью…

CloudSec Wine

👩‍💻 Azure Arc - C2aaS

Post exploring Azure Arc's overlooked C2aaS potential: attacking and defending against its usage and exploring use cases for Red Teams.

https://blog.zsec.uk/azure-arc-c2aas/

#azure

Читать полностью…

CloudSec Wine

🔶 boto3-refresh-session

A simple Python package for refreshing AWS temporary credentials in boto3 automatically.

https://github.com/michaelthomasletts/boto3-refresh-session

#aws

Читать полностью…

CloudSec Wine

👩‍💻 eBPF-based networking & security integration with Microsoft Sentinel

This post explores the setup and configuration of Cilium and Tetragon in Azure Kubernetes Service and integrating & monitoring with Microsoft Sentinel.

https://akingscote.co.uk/posts/aks-cilium-tetragon-ebpf/

(Use VPN to open from Russia)

#azure

Читать полностью…

CloudSec Wine

👩‍💻 Azure's Role Roulette: How Over-Privileged Roles and API Vulnerabilities Expose Enterprise Networks

Several Azure built-in roles are misconfigured to be over-privileged - they grant more permissions than intended by Azure.

https://www.token.security/blog/azures-role-roulette-how-over-privileged-roles-and-api-vulnerabilities-expose-enterprise-networks

(Use VPN to open from Russia)

#azure

Читать полностью…

CloudSec Wine

👩‍💻 Azure Machine Learning Escalation: When Pipelines Go Off the Rails

Orca uncovers a privilege escalation risk in Azure Machine Learning pipelines that could allow attackers to run code and access sensitive data.

https://orca.security/resources/blog/azure-machine-learning-privilege-escalation/

#azure

Читать полностью…

CloudSec Wine

🔶🔴 gcp-oidc-aws

A Terraform module that creates a GCP Workload Identity Federation to allow AWS workloads to authenticate to GCP via a GCP Service Account, without storing service account keys.

https://github.com/marco-lancini/utils/tree/main/terraform/gcp-oidc-aws

#aws #gcp

Читать полностью…

CloudSec Wine

🔶 Sign in with your eID: Using AWS IAM Roles Anywhere with a SmartCard Reader

A fun experiment: the Belgian eID, which includes an authentication certificate, can be utilized to authenticate users without requiring extensive certificate management.

https://cloudar.be/awsblog/sign-in-with-your-eid-using-aws-iam-roles-anywhere-with-a-smartcard-reader/

#aws

Читать полностью…

CloudSec Wine

👩‍💻 Microsoft Entra ID OAuth Phishing and Detections

This article explores OAuth phishing and token-based abuse in Microsoft Entra ID. Through emulation and analysis of tokens, scope, and device behavior during sign-in activity, it surfaces high-fidelity signals defenders can use to detect and hunt for OAuth misuse.

https://www.elastic.co/security-labs/entra-id-oauth-phishing-detection

#azure

Читать полностью…

CloudSec Wine

🔶 AWS Backup adds new Multi-party approval for logically air-gapped vaults

Multi-party approval for AWS Backup logically air-gapped vaults enables organizations to recover their backup data even when their AWS account is compromised, by creating approval teams of trusted individuals who can authorize vault sharing with a recovery account through a separate authentication path.

https://aws.amazon.com/ru/blogs/aws/aws-backup-adds-new-multi-party-approval-for-logically-air-gapped-vaults/

(Use VPN to open from Russia)

#aws

Читать полностью…

CloudSec Wine

🔴 How Google Cloud is securing open-source credentials at scale

Google developed a tool to scan open-source package and image files by default for leaked Google Cloud credentials to help protect Google Cloud customers who publish open-source artifacts.

https://cloud.google.com/blog/products/identity-security/securing-open-source-credentials-at-scale

#gcp

Читать полностью…

CloudSec Wine

🔶 How to use on-demand rotation for AWS KMS imported keys

AWS announced support for on-demand rotation of symmetric encryption AWS Key Management Service (AWS KMS) keys with imported key material (EXTERNAL origin). This new capability enables you to rotate the cryptographic key material of these keys without changing the key identifier.

https://aws.amazon.com/ru/blogs/security/how-to-use-on-demand-rotation-for-aws-kms-imported-keys/

(Use VPN to open from Russia)

#aws

Читать полностью…

CloudSec Wine

🔶 Introducing the AWS Security Champion Knowledge Path and digital badge

The Security Champion Knowledge path is an educational framework designed to empower developers and software engineers with essential AWS cloud security knowledge and best practices.

https://aws.amazon.com/ru/blogs/security/introducing-the-aws-security-champion-knowledge-path-and-digital-badge/

#aws

Читать полностью…

CloudSec Wine

👩‍💻 Persisting Unseen: Defending against Entra ID persistence

Post covering some methods attackers may use now or in the near future to maintain access to Entra ID (formerly Azure AD) once they've obtained a privileged foothold.

https://kknowl.es/posts/defending-against-entra-id-persistence/

#azure

Читать полностью…

CloudSec Wine

🔴 The Cost of a Call: From Voice Phishing to Data Extortion

UNC6040 uses vishing to impersonate IT support, deceiving victims into granting access to their Salesforce instances.

https://cloud.google.com/blog/topics/threat-intelligence/voice-phishing-data-extortion

#gcp

Читать полностью…

CloudSec Wine

🔶 CloudTrail Logging Evasion: Where Policy Size Matters

Permiso uncovered a subtle yet critical logging evasion vulnerability within AWS environments - mainly the differing size limitations of individual AWS CloudTrail logs versus the actual content being logged. By exploiting whitespace and other syntactic quirks, an attacker can create valid IAM policies that effectively bypass CloudTrail logging.

https://permiso.io/blog/cloudtrail-logging-evasion-where-policy-size-matters

#aws

Читать полностью…

CloudSec Wine

👩‍💻 proxyblob

SOCKS5 proxy tool that uses Azure Blob Storage as a means of communication.

https://github.com/quarkslab/proxyblob

#azure

Читать полностью…

CloudSec Wine

🔴 Safer automated deployments with new Cloud Deploy features

New automations in the Cloud Deploy continuous delivery platform help keep production environments reliable and up-to-date.

https://cloud.google.com/blog/products/devops-sre/new-cloud-deploy-features-for-automated-deployments/

#gcp

Читать полностью…
Subscribe to a channel