Time to reset your “days since last major chip vulnerability” counter back to zero. Security researchers have found another flaw in Intel processors — this time it’s a new variant of the Zombieload attack they discovered earlier this year, but targeting Intel’s latest family…
one way to pay for the processing time of hashing
We run it nightly; its pretty handy.
Yeah prowlers’ best, we also run ScoutSuite. Prowler does a better job of mapping to controls.
Has https://github.com/toniblyx/prowler come up in this channel before? Has anyone tried it?
AWS Security Best Practices Assessment, Auditing, Hardening and Forensics Readiness Tool. It follows guidelines of the CIS Amazon Web Services Foundations Benchmark and DOZENS of additional checks …
@davidvasandani just used it for my soc2 audit
Whoa! How’d it go?
@davidvasandani @Erik Osterman prowler is a decent tool. we were asked to use it for our soc2 audit. It’s definitely not a super robust tool, but it does the job. We had a couple use cases where we had false negatives. The tool just greps for “true” and we had a client with the word “true” in it’s name where we got some false negatives on. Also after doing key rotations, we ended up with a ton of fails because the keys hadn’t been used yet (because we had just finished our key rotations!)
Looks amazing. Thanks for sharing.
update your chromes/chromium based browser asap
PSA Major vulnerability in SimpleSamlPHP/XMLSecLibs XML signature validation, if anyone uses it