This week's articles
Enter the Vault: Authentication Issues in HashiCorp Vault
#aws, #gcp, #vault, #attack
Project Zero found two vulnerabilities in HashiCorp Vault and its integration with AWS and GCP, which can lead to an authentication bypass in configurations that use the aws and gcp auth methods. Both vulnerabilities (CVE-2020-16250/16251) were addressed by HashiCorp and are fixed in Vault versions 1.2.5, 1.3.8, 1.4.4 and 1.5.1 released in August.
CloudFormer review part I - The stack
A security review of AWS CloudFormer (beta), a tool created by AWS that helps create CloudFormation templates of existing resources within an account.
Mapping CIS Controls to Cloud
Building a public cloud security program from scratch is a lot of work. There are a ton of things you need to do and figuring out what you need to do and the priority is critical.