cloud_sec | Unsorted

Telegram channel cloud_sec - CloudSec Wine


All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops


CloudSec Wine

🔷 Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement

Microsoft's analysis of an attempt to steal the cloud identity in a SQL Server instance for lateral movement highlights the importance of securing cloud identities and implementing least privilege practices when deploying cloud-based and on-premises solutions.

https://www.microsoft.com/en-us/security/blog/2023/10/03/defending-new-vectors-threat-actors-attempt-sql-server-to-cloud-lateral-movement/

#azure


🔶 Deploy AWS WAF faster with Security Automations

You can now deploy AWS WAF managed rules as part of the Security Automations for AWS WAF solution.

https://aws.amazon.com/ru/blogs/security/deploy-aws-managed-rules-using-security-automations-for-aws-waf/

#aws


🔶 Enable external pipeline deployments to AWS Cloud by using IAM Roles Anywhere

Post walking through the steps on how to obtain AWS temporary credentials for your external CI/CD pipelines by using IAM Roles Anywhere and an on-premises hosted server running Azure DevOps Services.

https://aws.amazon.com/ru/blogs/security/enable-external-pipeline-deployments-to-aws-cloud-by-using-iam-roles-anywhere/

#aws


🔶 AWS's Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation

The Sysdig Threat Research Team (TRT) has uncovered a novel cloud-native cryptojacking operation which they've named AMBERSQUID. This operation leverages AWS services not commonly used by attackers, such as AWS Amplify, AWS Fargate, and Amazon SageMaker.

https://sysdig.com/blog/ambersquid/

(Use VPN to open from Russia)

#aws


🔶🔷🔴 How to Rotate Leaked API Keys

A collection of API key rotation tutorials for AWS, GCP, GitHub, and more.

https://howtorotate.com/docs/introduction/getting-started/

#aws #azure #gcp


🔷 38TB of data accidentally exposed by Microsoft AI researchers

Wiz Research found a data exposure incident on Microsoft's AI GitHub repository, including over 30,000 internal Microsoft Teams messages - all caused by one misconfigured SAS token.

https://www.wiz.io/blog/38-terabytes-of-private-data-accidentally-exposed-by-microsoft-ai-researchers

#azure


🔶 How Attackers Can Misuse AWS CloudFront Access to 'Make It Rain' Cookies

Post exploring two different attack scenarios: Cookie Theft via CloudFront Function, and Data Exfiltration via Lambda Function Modification.

https://medium.com/@adan.alvarez/how-attackers-can-misuse-aws-cloudfront-access-to-make-it-rain-cookies-acf9ce87541c

(Use VPN to open from Russia)

#aws


🔶 AWS Console Session Traceability: How Attackers Obfuscate Identity Through the AWS Console

Attackers can take advantage of a quirk of the default AWS configuration (without SourceIdentity configured) to potentially make detecting and attributing their actions more difficult.

https://www.gem.security/post/aws-console-session-traceability-how-attackers-obfuscate-identity-through-the-aws-console

#aws


🔷 Announcing Notation Azure Key Vault plugin v1.0 for signing container images

The Notary Project is being adopted by Azure Key Vault.

https://techcommunity.microsoft.com/t5/apps-on-azure-blog/announcing-notation-azure-key-vault-plugin-v1-0-for-signing/ba-p/3920895

#azure


🔶 Lessons from Recent Social Engineering Attacks on Okta Super Admin Accounts

Post exploring the latest Okta security incidents and explaining how to fortify your IAM system against social engineering attacks.

https://acsense.com/blog/okta-super-admin-breach-steps-for-iam-resilience

#aws


🔶🔷🔴 New Attack Vector In The Cloud: Attackers caught exploiting Object Storage Services

Security Joes Incident Response team recently became aware of a set of relatively new CVEs that were released at the end of March 2023. Surprisingly, these vulnerabilities have received little to no media coverage regarding their ease of exploitation and the potential security implications they pose to any cluster running a non-native object storage.

https://www.securityjoes.com/post/new-attack-vector-in-the-cloud-attackers-caught-exploiting-object-storage-services

#aws #azure #gcp


🔷 5 Tips to prevent or limit the impact of an incident in Azure

Five low-cost, easy-to-implement, high-impact measures to prevent or limit the impact of an incident in Azure: set up budget quotas, restrict app registration, prevent subscriptions from entering your tenant, ingest audit logging, and limit external collaboration.

https://invictus-ir.medium.com/5-tips-to-prevent-or-limit-the-impact-of-an-incident-in-azure-e9f664fe0100

(Use VPN to open from Russia)

#azure


🔴 Grafana security update: GPG signing key rotation

Grafana's signing keys have been exposed. If you are a Grafana user, be sure to update the trusted signing key.

https://grafana.com/blog/2023/08/24/grafana-security-update-gpg-signing-key-rotation/

#gcp


🔷 New zero trust and digital sovereignty controls in Workspace, powered by AI

Google announced new zero trust, digital sovereignty, and threat defense controls powered by Google AI to help organizations keep their data safe.

https://workspace.google.com/blog/identity-and-security/accelerating-zero-trust-and-digital-sovereignty-ai

#azure


🔶 Risk in AWS SSM Port Forwarding

A surprising AWS Systems Manager Session Manager (SSM) default that can introduce risk, especially for customers using SSM's Port Forwarding features.

https://ramimac.me/ssm-iam

#aws


🔶 terraform-aws-api-gateway

Terraform module that creates an API Gateway on AWS with its basic elements, along with a Route53 resource for it.

https://github.com/clouddrove/terraform-aws-api-gateway

#aws


🔶 Automate Lambda code signing with Amazon CodeCatalyst and AWS Signer

How to use Amazon CodeCatalyst with AWS Signer to fully manage the code signing process to ensure the trust and integrity of code assets.

https://aws.amazon.com/ru/blogs/devops/automate-lambda-code-signing-with-amazon-codecatalyst-and-aws-signer/

#aws


🔶 Remote analysis on cloud object-storage

The journey of making the volatility3 framework compatible with S3 object-storage to perform memory analysis over the network.

https://www.forensicxlab.com/posts/vols3/

#aws


🔴 Maintaining persistence via Shared sessions on Cloud Workstations

When an owner initiates a session and performs actions like gcloud auth login, the session state persists, shared across multiple users accessing the workstation through the same URL. This means that any user with access to the workstation can view and interact with the session artifacts created by the owner.

https://saransh-rana.gitbook.io/aboutme/maintaining-persistence-via-shared-sessions-on-cloud-workstations

#gcp


🔷 Ransomware Strikes Azure Storage: Are You Ready?

Post discussing Azure Storage Accounts, pointing out forensic artifacts in Azure that can help investigate ransomware attacks, and offering methods for attack detection.

https://www.mitiga.io/blog/ransomware-strikes-azure-storage-are-you-ready

#azure


🔴 Light the way ahead: Platform Engineering, Golden Paths, and the power of self-service

What is a Golden Path? Who is a Golden Path for? When to build Golden Paths?

https://cloud.google.com/blog/products/application-development/golden-paths-for-engineering-execution-consistency/

#gcp


🔶 A security community success story of mitigating a misconfiguration

Learn how security issues can be prevented by changing things outside your own environment: the post looks at how a misconfiguration arose when GitHub Actions was integrated with AWS IAM roles, and at the improvements that have since made this misconfiguration much less likely.

https://www.wiz.io/blog/a-security-community-success-story-of-mitigating-a-misconfiguration

#aws


🔷 The Azure Metadata Protection You Didn't Know Was There

Some Azure services have an additional, not widely known, protection mechanism against session token exfiltration.

https://ermetic.com/blog/azure/the-azure-metadata-protection-you-didnt-know-was-there/

#azure


🔶 aws-list-resources

Uses the AWS Cloud Control API to list resources that are present in a given AWS account and region(s).

https://github.com/welldone-cloud/aws-list-resources

#aws


🔶 Cloud Detection and Response Needs To Break Down Boundaries

The attack patterns of the modern-day threat actor are changing as they traverse multiple environments in the cloud. CDR needs to keep up.

https://permiso.io/blog/cloud-detection-and-response-needs-to-break-down-boundaries

#aws


🔶 Verifying images in a private Amazon ECR with Kyverno and IAM Roles for Service Accounts (IRSA)

Applications, such as Kyverno, running within a Pod's containers can utilize the AWS SDK to make API requests to AWS services by leveraging AWS Identity and Access Management (IAM) permissions.

https://www.cncf.io/blog/2023/08/29/verifying-images-in-a-private-amazon-ecr-with-kyverno-and-iam-roles-for-service-accounts-irsa/

#aws


🔶 Authorizing cross-account KMS access with aliases

KMS aliases are a great way to make KMS keys more convenient. But permitting one account to use a KMS key in another account through a KMS alias can be difficult. This article explains why, and how to solve the problem correctly.

https://lucvandonkersgoed.com/2023/08/25/authorizing-cross-account-kms-access-with-aliases

#aws


🔷 How to Detect When an Azure Guest User Account Is Being Exploited

In Azure environments, guest users are the go-to option when giving access to a user from a different tenant. However, this could prove to be a costly mistake.

https://orca.security/resources/blog/detect-guest-user-account-exploited

#azure


🔶 Shipping RDS IAM Authentication (with a bastion host & SSM)

A basic guide to getting RDS IAM Authentication set up when you're using a Private Endpoint.

https://ramimac.me/rds-iam-auth

#aws


🔶 Pivoting Clouds in AWS Organizations: Examining AWS Security Features and Tools for Enumeration

The architecture and the considerable number of enabled/delegated service possibilities in AWS Organizations present a serious vector for lateral movement within corporate environments. This could easily turn a single AWS account takeover into a multiple-account takeover.

https://www.netspi.com/blog/technical/cloud-penetration-testing/pivoting-clouds-aws-organizations-part-2/

#aws
