2068
All about cloud security Contacts: @AMark0f @dvyakimov About DevSecOps: @sec_devops
🔶 Introducing AWS Capabilities by Region for easier Regional planning and faster global deployment
AWS Capabilities by Region is a new planning tool that provides detailed visibility into AWS services, features, APIs, and CloudFormation resources across different AWS Regions, helping customers make informed decisions for global deployments and prevent costly rework through side-by-side regional comparisons and forward-looking roadmap information.
https://aws.amazon.com/ru/blogs/aws/introducing-aws-capabilities-by-region-for-easier-regional-planning-and-faster-global-deployments/
(Use VPN to open from Russia)
#aws
🔶 Migrating from Open Policy Agent to Amazon Verified Permissions
Post exploring the process of migrating from OPA and Rego to Verified Permissions and Cedar, including policy translation strategies, software development and testing approaches, and deployment considerations.
https://aws.amazon.com/ru/blogs/security/migrating-from-open-policy-agent-to-amazon-verified-permissions/
(Use VPN to open from Russia)
#aws
🔶 Crimson Collective: A New Threat Group Observed Operating in the Cloud
Rapid7 has observed increased activity of a new threat group attacking AWS cloud environments, Crimson Collective, who recently claimed to have stolen private repositories from Red Hat's GitLab.
https://www.rapid7.com/blog/post/tr-crimson-collective-a-new-threat-group-observed-operating-in-the-cloud/
#aws
👩💻 Decrypting VM Extension Settings with Azure WireServer
A method for decrypting Azure VM extension protected settings by interacting directly with the Azure WireServer service, bypassing the need to access local files.
https://www.netspi.com/blog/technical-blog/cloud-pentesting/decrypting-vm-extension-settings-with-azure-wireserver/
#azure
🔶🔷🔴 Vulnerabilities in LUKS2 disk encryption for confidential VMs
Trail of Bits is disclosing vulnerabilities in confidential computing systems that use LUKS2 for disk encryption. These vulnerabilities allow attackers with access to storage disks to extract confidential data and modify contents.
https://blog.trailofbits.com/2025/10/30/vulnerabilities-in-luks2-disk-encryption-for-confidential-vms/
#aws #azure #gcp
🔶 Using AWS Secrets Manager Agent with Amazon EKS
AWS Secrets Manager Agent for Amazon EKS provides a language-agnostic HTTP interface that runs locally within containers. It improves application availability by fetching secrets from local cache instead of direct API calls, and implements post-quantum cryptography protection via ML-KEM key exchange.
https://aws.amazon.com/ru/blogs/security/using-aws-secrets-manager-agent-with-amazon-eks/
(Use VPN to open from Russia)
#aws
👩💻 Inside the attack chain: Threat activity targeting Azure Blob Storage
Blog outlining some of the unique threats associated with the data storage layer, including relevant stages of the attack chain for Blob Storage to connect these risks to actionable Azure Security controls and applicable security recommendations.
https://www.microsoft.com/en-us/security/blog/2025/10/20/inside-the-attack-chain-threat-activity-targeting-azure-blob-storage/
#azure
👩💻 Reducing abuse of Microsoft 365 Exchange Online’s Direct Send
Cisco Talos has observed increased activity by malicious actors leveraging Direct Send as part of phishing campaigns. Here's how to strengthen your defenses.
https://blog.talosintelligence.com/reducing-abuse-of-microsoft-365-exchange-onlines-direct-send/
#azure
🔶 Amazon EC2 instance attestation
Learn how to use NitroTPM for attestation to verify the integrity of your EC2 instances.
https://docs.aws.amazon.com/AWSEC2/latest/UserGuide/nitrotpm-attestation.html
(Use VPN to open from Russia)
#aws
🔶 AWS Transfer Family SFTP connectors now support VPC-based connectivity
AWS Transfer Family SFTP connectors now support VPC-based connectivity, allowing secure file transfers between Amazon S3 and remote SFTP servers through your existing VPC infrastructure without exposing endpoints to the internet.
https://aws.amazon.com/ru/blogs/aws/aws-transfer-family-sftp-connectors-now-support-vpc-based-connectivity/
#aws
🔶 Rubygems.org AWS Root Access Event – September 2025
This post details a September 2025 security incident where a former RubyGems.org maintainer retained AWS root access after removal. Ruby Central discovered unauthorized access, reset credentials, and found no evidence of data compromise.
https://rubycentral.org/news/rubygems-org-aws-root-access-event-september-2025/
#aws
🔶 AWS IAM Identity Center now supports customer-managed KMS keys for encryption at rest
Gain control over encryption and comply with regulations using customer-managed keys for AWS IAM Identity Center's user data and passwords.
https://aws.amazon.com/ru/blogs/aws/aws-iam-identity-center-now-supports-customer-managed-kms-keys-for-encryption-at-rest/
(Use VPN to open from Russia)
#aws
🔶 Do you feel in control? Analysis of AWS CloudControl API as an attack tool
Abusing AWS CloudControl API to stealthily enumerate resources, persist in accounts, and evade detection.
https://www.exaforce.com/blogs/feel-in-control-analysis-of-aws-cloudcontrol-api
#aws
🔷🔴 OmniProx
IP Rotation from different providers - Like FireProx but for GCP, Azure, Alibaba and CloudFlare.
https://github.com/ZephrFish/OmniProx
#azure #gcp
🔶 Billing View now supports cost management data from multiple organizations
AWS announced the general availability of new capabilities within AWS Billing and Cost Management that enable customers to manage their AWS spend across multiple organizations through a single AWS account.
https://aws.amazon.com/ru/about-aws/whats-new/2025/09/billing-view-cost-management-multiple-organizations/
(Use VPN to open from Russia)
#aws
🔶 Authorizing access to data with RAG implementations
An architecture pattern for providing strong authorization for results returned from knowledge bases with a walkthrough example of this using Amazon S3 Access Grants with Amazon Bedrock Knowledge Bases.
https://aws.amazon.com/ru/blogs/security/authorizing-access-to-data-with-rag-implementations/
(Use VPN to open from Russia)
#aws
🔴 How Google Does It: Threat modeling, from basics to AI
Google's threat modeling process follows four key questions: identifying scope, enumerating potential threats using STRIDE methodology and threat libraries, operationalizing mitigations through defensive controls and offensive red team activities, and continuously updating models through review processes and AI-powered automation with Gemini.
https://cloud.google.com/transform/how-google-does-it-threat-modeling-from-basics-to-ai/
#gcp
🔴 A practical guide to Google Cloud's Parameter Manager
Google Cloud Parameter Manager is designed to reduce unnecessarily sharing key cloud configurations, and it works with many types of data formats.
https://cloud.google.com/blog/products/identity-security/a-practical-guide-to-google-clouds-parameter-manager/
#gcp
🔶 Querying Terraform state with AWS Athena
How to use AWS Athena to query Terraform state files stored in S3, enabling SQL queries across organizational infrastructure resources.
https://awsteele.com/blog/2025/10/26/querying-terraform-state-with-aws-athena.html
#aws
🔶 Advancing Our Chef Infrastructure: Safety Without Disruption
Slack's engineering team has enhanced its Chef infrastructure to improve deployment safety and reliability without causing disruption to service owners. Instead of a complex migration to Chef Policyfiles, they focused on practical improvements to their existing EC2 and Chef frameworks.
https://slack.engineering/advancing-our-chef-infrastructure-safety-without-disruption/
#aws
🔴 What’s new in Cloud Armor: Innovations to boost security posture, threat protection
New capabilities in Cloud Armor offer more comprehensive security policies and granular network configuration controls.
https://cloud.google.com/blog/products/identity-security/cloud-armor-named-strong-performer-in-forrester-wave-new-features-launched/
#gcp
🔶 ECS on EC2: Covering Gaps in IMDS Hardening
The article discusses securing ECS on EC2 by blocking IMDS access. IMDSv2 with hop limit 1 only blocks access in bridge mode but not in awsvpc or host modes. Different networking modes require specific configurations to protect against privilege escalation attacks like ECScape.
https://www.latacora.com/blog/2025/10/02/ecs-on-ec2-covering-gaps-in-imds-hardening/
(Use VPN to open from Russia)
#aws
👩💻 CoPhish: Using Microsoft Copilot Studio as a wrapper for OAuth phishing
Copilot Studio links look benign, but they can host content to redirect users to arbitrary URLs. In this post, Datadog documents a method by which a Copilot Studio agent's login settings can redirect a user to any URL, including an OAuth consent attack.
https://securitylabs.datadoghq.com/articles/cophish-using-microsoft-copilot-studio-as-a-wrapper/
#azure
🔶 Introducing Amazon EBS Volume Clones: Create instant copies of your EBS volumes
AWS launched Amazon EBS Volume Clones, a new capability that allows users to create instant point-in-time copies of EBS volumes within the same Availability Zone with a single API call, eliminating the previous multi-step process of taking snapshots and creating volumes from them.
https://aws.amazon.com/ru/blogs/aws/introducing-amazon-ebs-volume-clones-create-instant-copies-of-your-ebs-volumes/
#aws
👩💻 Remove Passwords from Microsoft Entra ID
Password scrambling guidance to deploy passwordless and phishing-resistant authentication for organizations that use Microsoft Entra ID.
https://learn.microsoft.com/en-us/entra/identity/authentication/how-to-plan-password-scramble-phishing-resistant-passwordless-authentication
#azure
🔶 New AWS whitepaper: Security Overview of Amazon EKS Auto Mode
The whitepaper covers the core security principles of Amazon EKS Auto Mode, highlighting its unique approach to managing Kubernetes clusters.
https://aws.amazon.com/ru/blogs/security/new-aws-whitepaper-security-overview-of-amazon-eks-auto-mode/
(Use VPN to open from Russia)
#aws
🔴 Announcing quantum-safe Key Encapsulation Mechanisms in Cloud KMS
GCP now supports post-quantum Key Encapsulation Mechanisms in Cloud KMS, in preview, enabling customers to begin migrating to a post-quantum world.
https://cloud.google.com/blog/products/identity-security/announcing-quantum-safe-key-encapsulation-mechanisms-in-cloud-kms/
#gcp
🔶 Crimson Collective: A New Threat Group Observed Operating in the Cloud
Rapid7 has observed increased activity of a new threat group attacking AWS cloudenvironments, Crimson Collective, who recently claimed to have stolen private repositories from Red Hat's GitLab.
https://www.rapid7.com/blog/post/tr-crimson-collective-a-new-threat-group-observed-operating-in-the-cloud/
#aws
🔶🔷🔴 tokenex
A Go library that securely exchanges identity tokens for temporary cloud credentials, with built-in support for AWS, GCP, Azure, OCI, Kubernetes, and OAuth2. You can also refer to the companion blog post.
https://github.com/riptideslabs/tokenex
#aws #azure #gcp
🔶 How to develop an AWS Security Hub POC
This article guides you through planning and implementing an AWS Security Hub proof of concept, covering value assessment, success criteria definition, configuration, deployment, and validation steps.
https://aws.amazon.com/ru/blogs/security/how-to-develop-an-aws-security-hub-poc/
(Use VPN to open from Russia)
#aws