This week's articles
Agent Exposes Azure Customers To Unauthorized Code Execution
Azure customers on Linux machines - which account for over half of all Azure instances according to Microsoft - are at risk if they use any of the services relying on OMI (Open Management Infrastructure), a port of Windows Management Instrumentation (WMI) for UNIX/Linux systems. The RCE is the simplest RCE you can ever imagine: simply remove the auth header and you are root. This Twitter thread is also useful to understand the impact of this flaw.
Bypassing GCP Org Policy with Custom Metadata
Google makes use of custom metadata to authorize access to AI Notebooks and their web UIs. Individuals granted access via custom metadata need not have any IAM permissions on the compute instance, on the service account running the Notebook or even be a member of the Organization. This kind of authorization bypasses a specific Organization Policy Constraint which restricts cross-domain resource sharing.
NSA & CISA Kubernetes Security Guidance - A Critical Review
Last month, NSA and CISA released a report detailing the security hardening they recommend be applied to Kubernetes clusters. The guidance the document contains is generally reasonable, but there are several points which are either incorrect or do not provide sufficient context for administrators to make good security-focused decisions.
AWS Authentication: Principals in AWS IAM
#aws, #explain, #iam
Newcomers to AWS can sometimes get confused by what it means to have AWS credentials. This article aims to explain the basics of AWS authentication, that is, the way you gain an identity that you can use to access AWS services.
AWS federation comes to GitHub Actions
#aws, #ci/cd, #github, #iam
GitHub Actions has a new functionality that can vend OpenID Connect credentials to jobs running on the platform. This is very exciting for AWS account administrators as it means that CI/CD jobs no longer need any long-term secrets to be stored in GitHub.
Threat Detection Maturity Framework
#defend, #monitor, #strategy
How do you measure the success or maturity of a Threat Detection program? What should a Threat Detection team roadmap look like? What is the north star for Threat Detection?