
The Orca Research Pod discovered Bad.Build, a vulnerability in the Google Cloud Build service that enabled attackers to gain access to and escalate privileges.

Preventing storms.
Track AWS IAM changes in Git with CloudTrail Attribution
I wanted to share a recent blog post we've put together on IAMbic Change Detection with CloudTrail logging and attribution. If you've ever found IAM changes in AWS challenging to track, this is for you. In IAMbic, all changes get their own Git commit, regardless of whether they were made using Terraform/CloudFormation/console clicking/etc. The new CloudTrail logging integration provides even deeper insight into every modification, all within Git.
Give it a read and please give us feedback!
https://www.noq.dev/blog/iambic-bridging-the-gap-between-iam-changes-and-version-control
Pawning your users to Cloudflare is not how you offer your users security; fedi admins must realize this.
cross-posted from: https://lemmy.dbzer0.com/post/1491194
I would love if just once an admin of a fedi host under DDoS attack would have the integrity to say:
“We are under attack. But we will not surrender to Cloudflare & let that privacy-abusing tech giant get a front-row view of all your traffic while centralizing our decentralized community. We apologize for the downtime while we work on solving this problem in a way that uncompromisingly respects your privacy and does not harm your own security more than the attack itself.”
This is inspired by the recent move of #LemmyWorld joining Cloudflare’s walled garden to thwart a DDoS atk.
So of course the natural order of this thread is to discuss various Cloudflare-free solutions. Such as:
- Establish an onion site & redirect all Tor traffic toward the onion site.
  1.1. Suggest that users try the onion site when the clearnet is down— and use it as an opportuni
How to verify if CrowdSec is properly configured?
Hello Community!
I installed CrowdSec bare-metal and alongside three bouncers:
So far, so good! But I'm running the official Nextcloud web app inside a Docker container with the jwilder/nginx-proxy Docker image. How do I know if CrowdSec is properly configured? I already added the nginx logs inside the acquis.yml, but I'm worried, because there seems to be a difference between just analyzing logs and installing a bouncer. (I tried multiple times and searched a lot, but cannot find the answer for installing a CrowdSec bouncer with jwilder's nginx image.)
Thanks in advance!
ALFA: Automated Audit Log Forensic Analysis for Google Workspace
ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit ...
cross-posted from: https://infosec.pub/post/397812
Automated Audit Log Forensic Analysis (ALFA) for Google Workspace is a tool to acquire all Google Workspace audit logs and perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework.
By Greg Charitonos and BertJanCyber
We built a passwordless container image registry with a focus on security to sustain the foundation for ongoing product growth & feature additions for our users.
We’ve made a few changes to the way we host and distribute our Images over the last year to increase security, give ourselves more control over the distribution, and most importantly to keep our costs under control [...]
Kubernetes Security Basics Series Part I - Deployment and Container Orchestration
This first post in a 9-part series on Kubernetes Security basics focuses on DevOps culture, container-related threats and how to enable the integration of security into the heart of DevOps.
Scott (Piper)’s AWS Security Maturity Roadmap is the definitive resource for cloud-native companies to build a security program and posture in AWS. It d…
This gives a great overview of when to build, buy, or adopt an open source solution for a few different common cloud security challenges.
The talk can be seen here: https://youtu.be/JCphc30kFSw?t=2140
Kubernetes Grey Zone: Risks in Managed Cluster Middleware
Are your managed Kubernetes clusters safe from the risks posed by middleware components? Learn how to secure your clusters and mitigate middleware risks.
Crying Out Cloud: a magical podcast for cloud security enthusiasts
Join us for game-changing news, unique Wiz insights, and battle-tested advice from industry experts. Stay ahead of the cloud curve with our latest episodes and navigate the complex world of cloud security.
Normally I wouldn't recommend a vendor based podcast, but Wiz is doing really cool stuff in the cloud security space so I'm inclined to give them a chance!
In this blog, we'll dive deeply into two potential security issues that Omegapoint identified in AWS API Gateway authorizers. We reported these issues to AWS in November 2022 and January 2023. AWS rolled out mitigations to all AWS customer accounts in May 2023.
"This allowed us to completely bypass the application’s tenant isolation and access data from any tenant in the system"
Official announcement from AWS: https://aws.amazon.com/blogs/security/removing-header-remapping-from-amazon-api-gateway-and-notes-about-our-work-with-security-researchers/
I've been experimenting with the feasibility of running Dagger CI/CD pipelines isolated from each other using Firecracker microVMs to provide a strong security model in a multi-tenant scenario. When customer A runs a pipeline, their containers are executed in an isolated environment.
Securing the EC2 Instance Metadata Service
A look at how the EC2 Instance Metadata Service can be taken advantage of.
Also, hackers publish RaidForum user data, Google's $180k Chrome bug bounty, and this week's vulnerabilities
"Toyota said it had no evidence the data had been misused, and that it discovered the misconfigured cloud system while performing a wider investigation of Toyota Connected Corporation's (TC) cloud systems.
TC was also the site of two previous Toyota cloud security failures: one identified in September 2022, and another in mid-May of 2023.
As was the case with the previous two cloud exposures, this latest misconfiguration was only discovered years after the fact. Toyota admitted in this instance that records for around 260,000 domestic Japanese service incidents had been exposed to the web since 2015. The data lately exposed was innocuous if you believe Toyota – just vehicle device IDs and some map data update files were included."
Container security fundamentals series
A look at how containers work as Linux processes and what that means for security.
Breaches.cloud - Your Source for Public Cloud Security Mistakes
Very useful collection of security incidents involving public clouds
How to get rid of AWS access keys- Part 1: The easy wins
Learn how to identify unused and unnecessary long-lived IAM User access keys.
(I am not fond of vendors' blogs, as the signal-to-noise ratio is very low, since they are written to please search engines more than engineers... but Scott Piper gets a pass.)
I found this insightful; access keys are such a liability that it is better to tame them as early as possible. Fixing the problem at scale is a lot more challenging.