2068
All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops
🔶 Introducing guidelines for network scanning
AWS introduces network scanning guidelines for customer workloads to distinguish legitimate security scans from malicious activity.
https://aws.amazon.com/ru/blogs/security/introducing-guidelines-for-network-scanning/
(Use VPN to open from Russia)
#aws
🔶 Simplify access to external services using AWS IAM Outbound Identity Federation
AWS IAM now enables outbound identity federation, allowing developers to securely authenticate AWS workloads with external services using short-lived JSON Web Tokens instead of storing long-term credentials like API keys and passwords.
https://aws.amazon.com/ru/blogs/aws/simplify-access-to-external-services-using-aws-iam-outbound-identity-federation/
(Use VPN to open from Russia)
#aws
👩💻 Terraform Stacks: A Deep-Dive for Azure Practitioners in Europe
This article explores Terraform Stacks for Azure on HCP Terraform EU. It covers designing stacks with components and deployments, building modules, configuring authentication via OIDC, passing data between stacks, and operational tasks like provisioning and managing stacks at scale.
https://mattias.engineer/blog/2025/terraform-stacks-deep-dive-azure/
#azure
🔶 Weaponizing the AWS CLI for Persistence
This article demonstrates weaponizing AWS CLI aliases for stealthy persistence. A one-liner dynamically toggles alias activation to execute malicious payloads while preserving original command functionality, evading detection. The technique exfiltrates credentials post-execution and persists across sessions, useful for red team operations.
https://slayer0x.github.io/awscli/
#aws
🔶🔷🔴 The log rings don’t lie: historical enumeration in plain sight
Logs aren't just for defenders. This research explores how attackers exploit cloud audit logs for enumeration and reconnaissance across AWS, Azure, and GCP, and how to detect and defend.
https://www.exaforce.com/blogs/log-rings-dont-lie-historical-enumeration-in-plain-sight
#aws #azure #gcp
🔶 Managing AWS SSM Parameters with Terraform with External Updates
How to manage AWS SSM Parameters with Terraform using the lifecycle "ignore_changes" meta-argument, allowing external processes to update parameter values without Terraform reverting them on subsequent applies.
https://www.proactiveops.io/archive/managing-aws-ssm-parameters-with-terraform-with/
#aws
🔶 Introducing AWS Capabilities by Region for easier Regional planning and faster global deployment
AWS Capabilities by Region is a new planning tool that provides detailed visibility into AWS services, features, APIs, and CloudFormation resources across different AWS Regions, helping customers make informed decisions for global deployments and prevent costly rework through side-by-side regional comparisons and forward-looking roadmap information.
https://aws.amazon.com/ru/blogs/aws/introducing-aws-capabilities-by-region-for-easier-regional-planning-and-faster-global-deployments/
(Use VPN to open from Russia)
#aws
🔶 Migrating from Open Policy Agent to Amazon Verified Permissions
Post exploring the process of migrating from OPA and Rego to Verified Permissions and Cedar, including policy translation strategies, software development and testing approaches, and deployment considerations.
https://aws.amazon.com/ru/blogs/security/migrating-from-open-policy-agent-to-amazon-verified-permissions/
(Use VPN to open from Russia)
#aws
🔶 Crimson Collective: A New Threat Group Observed Operating in the Cloud
Rapid7 has observed increased activity of a new threat group attacking AWS cloud environments, Crimson Collective, who recently claimed to have stolen private repositories from Red Hat's GitLab.
https://www.rapid7.com/blog/post/tr-crimson-collective-a-new-threat-group-observed-operating-in-the-cloud/
#aws
👩💻 Decrypting VM Extension Settings with Azure WireServer
A method for decrypting Azure VM extension protected settings by interacting directly with the Azure WireServer service, bypassing the need to access local files.
https://www.netspi.com/blog/technical-blog/cloud-pentesting/decrypting-vm-extension-settings-with-azure-wireserver/
#azure
🔶🔷🔴 Vulnerabilities in LUKS2 disk encryption for confidential VMs
Trail of Bits is disclosing vulnerabilities in confidential computing systems that use LUKS2 for disk encryption. These vulnerabilities allow attackers with access to storage disks to extract confidential data and modify contents.
https://blog.trailofbits.com/2025/10/30/vulnerabilities-in-luks2-disk-encryption-for-confidential-vms/
#aws #azure #gcp
🔶 Using AWS Secrets Manager Agent with Amazon EKS
AWS Secrets Manager Agent for Amazon EKS provides a language-agnostic HTTP interface that runs locally within containers. It improves application availability by fetching secrets from local cache instead of direct API calls, and implements post-quantum cryptography protection via ML-KEM key exchange.
https://aws.amazon.com/ru/blogs/security/using-aws-secrets-manager-agent-with-amazon-eks/
(Use VPN to open from Russia)
#aws
👩💻 Inside the attack chain: Threat activity targeting Azure Blob Storage
Blog outlining some of the unique threats associated with the data storage layer, including relevant stages of the attack chain for Blob Storage to connect these risks to actionable Azure Security controls and applicable security recommendations.
https://www.microsoft.com/en-us/security/blog/2025/10/20/inside-the-attack-chain-threat-activity-targeting-azure-blob-storage/
#azure
👩💻 Reducing abuse of Microsoft 365 Exchange Online’s Direct Send
Cisco Talos has observed increased activity by malicious actors leveraging Direct Send as part of phishing campaigns. Here's how to strengthen your defenses.
https://blog.talosintelligence.com/reducing-abuse-of-microsoft-365-exchange-onlines-direct-send/
#azure
🔶 Amazon EC2 instance attestation
Learn how to use NitroTPM for attestation to verify the integrity of your EC2 instances.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm-attestation.html
(Use VPN to open from Russia)
#aws
🔶 Phishing for AWS Credentials via the New ‘aws login’ Flow
The new aws login command, designed to provide temporary credentials for local development, can be exploited by attackers for phishing, even bypassing phishing-resistant MFA.
adan.alvarez/phishing-for-aws-credentials-via-the-new-aws-login-flow-39f6969b4eae" rel="nofollow">https://medium.com/@adan.alvarez/phishing-for-aws-credentials-via-the-new-aws-login-flow-39f6969b4eae
(Use VPN to open from Russia)
#aws
🔴 Introducing the Emerging Threats Center in Google Security Operations
Google introduces the Emerging Threats Center in Google Security Operations, powered by Gemini AI. It automates detection engineering by ingesting threat intelligence, generating synthetic events, testing coverage, and creating detection rules to help security teams rapidly assess exposure and defensive posture against emerging threats.
https://cloud.google.com/blog/products/identity-security/introducing-the-emerging-threats-center-in-google-security-operations/
#gcp
👩💻 Managing Privileged Roles in Microsoft Entra ID
A three-tier model for classifying privileged Microsoft Entra ID roles: Tier 0 (core tenant administration/security), Tier 1 (major service component administration), and Tier 2 (limited-scope/read-only). Each tier has defined security controls, addressing inconsistencies in Microsoft's privileged role documentation.
https://trustedsec.com/blog/managing-privileged-roles-in-microsoft-entra-id-a-pragmatic-approach
#azure
🔴 Private AI Compute: our next step in building private and helpful AI
Google introduces Private AI Compute, a cloud AI processing platform combining Gemini models with on-device-level privacy protections. It uses hardware-secured enclaves, remote attestation, and encryption to ensure personal data remains inaccessible to anyone, including Google, while enabling faster, more capable AI experiences.
https://blog.google/technology/ai/google-private-ai-compute/
#gcp
🔴 Hacking Gemini: A Multi-Layered Approach
The article describes exploiting multi-layered architecture discrepancies in Gemini to bypass Markdown sanitization. The researcher achieved image injection through linkification quirks and context bridges (Gemini-to-Colab), enabling workspace data exfiltration via indirect prompt injection despite existing protections.
https://buganizer.cc/hacking-gemini-a-multi-layered-approach-md
(Use VPN to open from Russia)
#gcp
🔴 Public Report: Google Private AI Compute Review
NCC Group conducted a 100 person-day security review of Google's Private AI Compute system across two phases, evaluating architecture, cryptography, attestation, IP-blinding relay, T-Log system, and frontend components to ensure cloud-based AI processing maintains local-only privacy guarantees.
https://www.nccgroup.com/research-blog/public-report-google-private-ai-compute-review/
#gcp
🔶 Authorizing access to data with RAG implementations
An architecture pattern for providing strong authorization for results returned from knowledge bases with a walkthrough example of this using Amazon S3 Access Grants with Amazon Bedrock Knowledge Bases.
https://aws.amazon.com/ru/blogs/security/authorizing-access-to-data-with-rag-implementations/
(Use VPN to open from Russia)
#aws
🔴 How Google Does It: Threat modeling, from basics to AI
Google's threat modeling process follows four key questions: identifying scope, enumerating potential threats using STRIDE methodology and threat libraries, operationalizing mitigations through defensive controls and offensive red team activities, and continuously updating models through review processes and AI-powered automation with Gemini.
https://cloud.google.com/transform/how-google-does-it-threat-modeling-from-basics-to-ai/
#gcp
🔴 A practical guide to Google Cloud's Parameter Manager
Google Cloud Parameter Manager is designed to reduce unnecessarily sharing key cloud configurations, and it works with many types of data formats.
https://cloud.google.com/blog/products/identity-security/a-practical-guide-to-google-clouds-parameter-manager/
#gcp
🔶 Querying Terraform state with AWS Athena
How to use AWS Athena to query Terraform state files stored in S3, enabling SQL queries across organizational infrastructure resources.
https://awsteele.com/blog/2025/10/26/querying-terraform-state-with-aws-athena.html
#aws
🔶 Advancing Our Chef Infrastructure: Safety Without Disruption
Slack's engineering team has enhanced its Chef infrastructure to improve deployment safety and reliability without causing disruption to service owners. Instead of a complex migration to Chef Policyfiles, they focused on practical improvements to their existing EC2 and Chef frameworks.
https://slack.engineering/advancing-our-chef-infrastructure-safety-without-disruption/
#aws
🔴 What’s new in Cloud Armor: Innovations to boost security posture, threat protection
New capabilities in Cloud Armor offer more comprehensive security policies and granular network configuration controls.
https://cloud.google.com/blog/products/identity-security/cloud-armor-named-strong-performer-in-forrester-wave-new-features-launched/
#gcp
🔶 ECS on EC2: Covering Gaps in IMDS Hardening
The article discusses securing ECS on EC2 by blocking IMDS access. IMDSv2 with hop limit 1 only blocks access in bridge mode but not in awsvpc or host modes. Different networking modes require specific configurations to protect against privilege escalation attacks like ECScape.
https://www.latacora.com/blog/2025/10/02/ecs-on-ec2-covering-gaps-in-imds-hardening/
(Use VPN to open from Russia)
#aws
👩💻 CoPhish: Using Microsoft Copilot Studio as a wrapper for OAuth phishing
Copilot Studio links look benign, but they can host content to redirect users to arbitrary URLs. In this post, Datadog documents a method by which a Copilot Studio agent's login settings can redirect a user to any URL, including an OAuth consent attack.
https://securitylabs.datadoghq.com/articles/cophish-using-microsoft-copilot-studio-as-a-wrapper/
#azure
🔶 Introducing Amazon EBS Volume Clones: Create instant copies of your EBS volumes
AWS launched Amazon EBS Volume Clones, a new capability that allows users to create instant point-in-time copies of EBS volumes within the same Availability Zone with a single API call, eliminating the previous multi-step process of taking snapshots and creating volumes from them.
https://aws.amazon.com/ru/blogs/aws/introducing-amazon-ebs-volume-clones-create-instant-copies-of-your-ebs-volumes/
#aws