This week's articles
Cloud Incident Response Framework
#defend
The Cloud Security Alliance released a new framework which aims to be the go-to guide for cloud customers to effectively prepare for and manage cloud incidents.
Making the Internet more secure one signed container at a time
#docker, #build
Google's introduction to Cosign, a tool which simplifies signing and verifying container images and aims to make signatures invisible infrastructure: it takes over the hard part of signing and verifying software for you.
Google Cloud IAM: Designs for Self-Service Privilege Escalation
#gcp, #defend
How Praetorian helped design security controls and observability features for Google Cloud IAM in a client's GCP environment. They also generated two technical artifacts for implementing these solutions: ephemeral-iam, which implements a token-based privilege escalation tool, and a technical guide to using Trusted Platform Modules (TPMs) for service account credential storage.
Password reset code brute-force vulnerability in AWS Cognito
#aws, #attack
The password reset function of AWS Cognito allows the account password to be changed once a six-digit reset code sent out by email is correctly entered. By using concurrent HTTP request techniques, it was shown that an attacker could make more guesses at this code than the AWS documentation stated (1587 instead of 20). If the attack succeeded and the attacked accounts did not have multi-factor authentication enabled, a full takeover of the attacked AWS Cognito user accounts would have been possible. The issue was fixed by AWS on 2021-04-20.