This week's articles
Exploiting and defending anonymous access in Azure
#attack, #azure, #defend, #iam
Most of Azure services require some form of authentication for access. However, there are a few exceptions that allows the configuration of unauthenticated and unauthorized access. The most common ones are the Azure Blob Container and the Azure Container registry.
Detection Engineering for Kubernetes clusters
#kubernetes, #monitor
A background on what logging in Kubernetes looks like, followed by novel detection rules created around how privilege escalation is achieved within a Kubernetes cluster.
Flux Security Audit has concluded
#announcement
The engagement uncovered a privilege escalation vulnerability in Flux that could enable users to gain cluster admin privileges. The issue has been fixed and is assigned CVE 2021-41254. You can also take a look at the full report.
Terraform Cloud Variable Sets Beta Now Available
#announcement, #terraform
The new variable sets in HashiCorp Terraform Cloud enable capabilities that help simplify use cases such as credential management, disaster recovery, tagging, and cost reduction.
|