#security (2020-05)

Archive: https://archive.sweetops.com/security/

2020-05-05

Maciek Strömich avatar
Maciek Strömich
03:49:18 PM

https://github.com/salesforce/cloudsplaining

salesforce/cloudsplaining

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report with a triage worksheet. - salesforce/cloudsplaining

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
03:35:22 AM

https://blog.algolia.com/salt-incident-may-3rd-2020-retrospective-and-update/

Salt Incident: May 3rd 2020 Retrospective and Update | Algolia Blogattachment image

Summary & Key Takeaways On May 3rd, 2020, Algolia’s infrastructure experienced an attack due to the salt configuration management vulnerability CVE-2020-11651. Through this vulnerability, two types

loren avatar
loren
04:16:02 AM

Friends do not let friends open non-authenticated, internal-service ports to the world?

Salt Incident: May 3rd 2020 Retrospective and Update | Algolia Blogattachment image

Summary & Key Takeaways On May 3rd, 2020, Algolia’s infrastructure experienced an attack due to the salt configuration management vulnerability CVE-2020-11651. Through this vulnerability, two types

Erik Osterman (Cloud Posse) avatar
Erik Osterman (Cloud Posse)
04:22:06 AM

Right? Seriously.

maarten avatar
maarten
07:07:28 AM

And what is it doing on public reachable ip’s to begin with..

2020-05-06

2020-05-07

maarten avatar
maarten
07:41:27 PM

https://developers.slashdot.org/story/20/05/07/1850248/microsofts-github-account-allegedly-hacked-500gb-stolen

Microsoft's GitHub Account Allegedly Hacked, 500GB Stolen - Slashdot

A hacker claims to have stolen over 500GB of data from Microsoft’s private GitHub repositories, BleepingComputer reports. From the report: This evening, a hacker going by the name Shiny Hunters contacted BleepingComputer to tell us they had hacked into the Microsoft GitHub account, gaining full acce…

2020-05-09

Maciek Strömich avatar
Maciek Strömich
11:05:58 AM

yeah, an account that was hosting public repos or the ones meant to be public. from what I red MS is using several hundred enterprise accounts because most teams have it’s own private org

    keyboard_arrow_up