This week's articles
Threat Modelling Cloud Platform Services by Example: Google Cloud Storage
A threat modelling exercise from NCC which demonstrated that user/tenant configuration choices matter when evaluating the overall security posture of an instance of Google Cloud Storage, and that a number of relative weaknesses can be improved through deliberate choices on behalf of the user.
#gcp
#explain
Data exfiltration with native AWS S3 features
A deep dive on different options for abuse of legitimate S3 features with the end goal of data exfiltration, so to better understand the shortcomings of native AWS logging and monitoring tooling, and to offer some suggestions for how to go about detecting their use and abuse.
#attack
#aws
#monitor
General availability of SLSA 3 Container Generator for GitHub Actions
The SLSA project announced the general availability of the SLSA 3 Container Generator for GitHub Actions, which allows any GitHub project to produce SLSA level 3 compliant provenance statements so users can verify the origin of container images they use.
#announcement
#supply-chain
|