This week's articles
Single Sign-On Or Single Point of Failure?
Has reliance on SSO left orgs with a single point of exploitation? Doyensec's latest research explores various IdP compromise scenarios and their impacts, as well as how to harden Teleport installations against these attacks and detect them.
#attack
#defend
#saas
Attack Paths Into VMs in the Cloud
Virtual machines (VMs) are a significant attack target. Focusing on three major CSPs, this research summarizes the conditions for possible VM attack paths.
#attack
#aws
#azure
#gcp
Cryptographic Agility and Key Rotation
Google engineers discuss how to actually migrate to Post-Quantum Cryptography and explore the role cryptographic agility and key rotation play in this process.
#build
#strategy
Phishing Incident Report: Facts and Timeline
The AnyRun team provides an interesting postmortem with the first results of their investigation into the recent incident and shares a full account of the events.
#defend
#monitor
#saas
AWS OIDC Provider Enumeration
A post expanding on Nick Frichette's discovery of enumerable OIDC providers in AWS using the known_aws_accounts dataset.
#attack
#aws