This week's articles
Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure
#azure, #attack
Two vulnerabilities were discovered in Azure App Services. The first enabled an attacker with access to the server to take over the App Service's git repository and implant phishing pages accessible through the Azure Portal. The second vulnerability allowed an attacker with an existing low-severity vulnerability on the application (SSRF) to upgrade to full code execution on the App Service and trigger the first vulnerability.
Announcing HashiCorp Waypoint
#announcement, #hashicorp, #build
HashiCorp released Waypoint, a new open source project that provides developers a consistent workflow to build, deploy, and release applications across any platform. To really understand what Waypoint is (and isn't), I highly recommend this blog from @copyconstruct.
Announcing HashiCorp Boundary
#announcement, #hashicorp, #aws, #build
HashiCorp released Boundary, a new open source project that enables secure access to dynamic hosts and services with fine-grained authorization, without requiring direct network access. The Boundary AWS Reference Architecture repo contains Terraform configuration for deploying Boundary in HA mode in AWS.
Introducing Cloudflare One
#announcement, #cloudflare
As stated by Cloudflare: "It provides secure, fast, reliable, cost-effective network services, integrated with leading identity management and endpoint security providers".
Fine-tune access to external (GitHub) Actions
#github, #ci/cd
Enterprise, organization, and repository administrators can now define an allow list and fine-tune access to external GitHub Actions, making it easier to achieve security and compliance goals.