#security (2020-05)

Archive: https://archive.sweetops.com/security/

2020-05-09

Maciek Strömich

yeah, an account that was hosting public repos or the ones meant to be public. from what I read MS is using several hundred enterprise accounts because most teams have their own private org

2020-05-07

maarten
Microsoft's GitHub Account Allegedly Hacked, 500GB Stolen - Slashdot

A hacker claims to have stolen over 500GB of data from Microsoft’s private GitHub repositories, BleepingComputer reports. From the report: This evening, a hacker going by the name Shiny Hunters contacted BleepingComputer to tell us they had hacked into the Microsoft GitHub account, gaining full acce…

2020-05-06

2020-05-05

Maciek Strömich
salesforce/cloudsplaining

Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report with a triage worksheet. - salesforce/cloudsplaining

Erik Osterman (Cloud Posse)
Salt Incident: May 3rd 2020 Retrospective and Update | Algolia Blog

Summary & Key Takeaways On May 3rd, 2020, Algolia’s infrastructure experienced an attack due to the salt configuration management vulnerability CVE-2020-11651. Through this vulnerability, two types

loren

Friends do not let friends open non-authenticated, internal-service ports to the world?


Erik Osterman (Cloud Posse)

Right? Seriously.

maarten

And what is it doing on publicly reachable IPs to begin with..
