security
Thread by @bettersafetynet on Thread Reader App – Thread Reader App
https://threadreaderapp.com/thread/1496496087741480960.html
@bettersafetynet: I've had 3 calls so far today (it's not even 10) about defending against Russian cyber ops I'm tired of having the same call... so... here's what I've told everyone. This is the playbook you...…
Added 1 month ago
https://aws.amazon.com/blogs/security/create-fine-grained-session-permissions-using-iam-managed-policies/?sc_channel=sm&sc_campaign=AWSSecurity_Blog&sc_publisher=TWITTER&sc_country=Security+%26+Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=security_blog_fine_grained_IAM_TWITTER&sc_content=security_blog_fine_grained_IAM&linkId=67337463
As a security best practice, AWS Identity and Access Management (IAM) recommends that you use temporary security credentials from AWS Security Token Service (STS) when you access your AWS resources. Temporary credentials are short-term credentials generated dynamically and provided to the user upon request. Today, one of the most widely used mechanisms for requesting temporary […]
Added 1 month ago
Launch HN: Idemeum (YC S21) – Passwordless access to apps and infrastructure
https://news.ycombinator.com/item?id=33346183
Added 1 month ago
https://cloud.vmware.com/vmware-essential-pks/resources#documents-papers
Added 1 month ago
https://auscert.org.au/resources/events/?s=09
Added 1 month ago
Sign in as anyone: Bypassing SAML SSO authentication with parser differentials - The GitHub Blog
https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/
Critical authentication bypass vulnerabilities were discovered in ruby-saml up to version 1.17.0. See how they were uncovered.
Added 1 month ago
Harden-Runner detection: tj-actions/changed-files action is compromised - StepSecurity
https://search.app/nz29ggeNi26oEF8q9
Added 1 month ago
Google launches Sec-Gemini v1, a new experimental cybersecurity model
https://security.googleblog.com/2025/04/google-launches-sec-gemini-v1-new.html?m=1
Added 1 month ago
Frida Penetration Testing Tool Kit Released With New APIs for Threat Monitoring
https://search.app/1yiQn4N9PWiF9ZtL8
Frida 16.7.0, the latest version of the popular dynamic instrumentation toolkit, has been released with powerful new APIs specifically.
Added 1 month ago
https://aws.amazon.com/blogs/security/how-to-centralize-and-automate-iam-policy-creation-in-sandbox-development-and-test-environments/?sc_channel=sm&sc_publisher=TWITTER&sc_country=Security+%26+Identity&sc_geo=GLOBAL&sc_outcome=awareness&trk=_TWITTER&sc_content=security_blog_centralize_automate_IAM&linkId=62045363
To keep pace with AWS innovation, many customers allow their application teams to experiment with AWS services in sandbox environments as they move toward production-ready architecture. These teams need timely access to various sets of AWS services and resources, which means they also need a mechanism to help ensure least privilege is granted. In other […]
Added 1 month ago
Dangerous by default: Insecure GitHub Actions found in MITRE, Splunk, and other open source repositories | Sysdig
https://sysdig.com/blog/insecure-github-actions-found-in-mitre-splunk-and-other-open-source-repositories/
Since its founding, the Sysdig Threat Research Team (TRT) has been committed to making the world a safer, more informed place. Upholding this commitment
Massive Satori botnet emerges - Security - CRN Australia
https://www.crn.com.au/news/massive-satori-botnet-emerges-479522
Added 1 month ago
How a cybersecurity researcher befriended then doxed the leader of LockBit
https://techcrunch.com/2024/08/09/how-a-cybersecurity-researcher-befriended-then-doxed-the-leader-of-lockbit-ransomware-gang/
Jon DiMaggio used sockpuppet accounts, then his own identity, to infiltrate LockBit and gain the trust of its alleged admin, Dmitry Khoroshev.
Added 1 month ago
CVE program faces swift end after DHS fails to renew contract, leaving security flaw tracking in limbo
https://www.csoonline.com/article/3963190/cve-program-faces-swift-end-after-dhs-fails-to-renew-contract-leaving-security-flaw-tracking-in-limbo.html
After DHS did not renew its funding contract for reasons unspecified, MITRE’s 25-year-old Common Vulnerabilities and Exposures (CVE) program was slated for an abrupt shutdown on April 16, which would have left security flaw tracking in limbo. CISA stepped in to provide a bridge.
Added 1 month ago
Addon: Trivy - General Discussions / microk8s - Discuss Kubernetes
https://discuss.kubernetes.io/t/addon-trivy/23797
Compatibility:
Source: See Trivy website for details.
Trivy is an all-in-one open source security scanner that can help you identify vulnerabilities and IaC misconfigurations, discover SBOMs, perform cloud scanni…
Added 1 month ago
https://aws.amazon.com/blogs/security/how-to-use-service-control-policies-in-aws-organizations/
January 20, 2020: Based on customer feedback, we rephrased the fourth goal in the “An example structure with nested OUs and SCPs” section to try to improve clarity. With AWS Organizations, you can centrally manage policies across multiple AWS accounts without having to use custom scripts and manual processes. For example, you can apply service […]
Added 1 month ago
https://docs.bridgecrew.io/docs/what-is-bridgecrew
Added 1 month ago
2FAS - the Internet's favorite open-source authenticator
https://2fas.com/
Meet your favorite 2FA app. We are an open-source, community-driven, private and simple solution for Internet's biggest threat - security breaches.
Added 1 month ago
GitHub - OperantAI/woodpecker: Red Teaming for AI and Cloud
https://github.com/OperantAI/woodpecker
Red Teaming for AI and Cloud. Contribute to OperantAI/woodpecker development by creating an account on GitHub.