This week's articles
Exploiting and defending anonymous access in Azure
#attack, #azure, #defend, #iam
Most of Azure services require some form of authentication for access. However, there are a few exceptions that allows the configuration of unauthenticated and unauthorized access. The most common ones are the Azure Blob Container and the Azure Container registry.
Detection Engineering for Kubernetes clusters
A background on what logging in Kubernetes looks like, followed by novel detection rules created around how privilege escalation is achieved within a Kubernetes cluster.
Flux Security Audit has concluded
The engagement uncovered a privilege escalation vulnerability in Flux that could enable users to gain cluster admin privileges. The issue has been fixed and is assigned CVE 2021-41254. You can also take a look at the full report
Terraform Cloud Variable Sets Beta Now Available
The new variable sets in HashiCorp Terraform Cloud enable capabilities that help simplify use cases such as credential management, disaster recovery, tagging, and cost reduction.