This week's articles
Exploiting and defending anonymous access in Azure
Most of Azure services require some form of authentication for access. However, there are a few exceptions that allows the configuration of unauthenticated and unauthorized access. The most common ones are the Azure Blob Container and the Azure Container registry.
#attack
#azure
#defend
#iam
Detection Engineering for Kubernetes clusters
A background on what logging in Kubernetes looks like, followed by novel detection rules created around how privilege escalation is achieved within a Kubernetes cluster.
#kubernetes
#monitor
Flux Security Audit has concluded
The engagement uncovered a privilege escalation vulnerability in Flux that could enable users to gain cluster admin privileges. The issue has been fixed and is assigned CVE 2021-41254. You can also take a look at the full report.
#announcement
Terraform Cloud Variable Sets Beta Now Available
The new variable sets in HashiCorp Terraform Cloud enable capabilities that help simplify use cases such as credential management, disaster recovery, tagging, and cost reduction.
#announcement
#terraform
|