#security (2020-05)
Archive: https://archive.sweetops.com/security/
2020-05-05
Maciek Strömich:
Cloudsplaining is an AWS IAM Security Assessment tool that identifies violations of least privilege and generates a risk-prioritized HTML report with a triage worksheet. - salesforce/cloudsplaining
Erik Osterman (Cloud Posse):
Summary & Key Takeaways On May 3rd, 2020, Algolia’s infrastructure experienced an attack due to the salt configuration management vulnerability CVE-2020-11651. Through this vulnerability, two types
loren:
Friends do not let friends open non-authenticated, internal-service ports to the world?
Erik Osterman (Cloud Posse):
Right? Seriously.
maarten:
And what is it doing on publicly reachable IPs to begin with..
2020-05-06
2020-05-07
maarten:
A hacker claims to have stolen over 500GB of data from Microsoft’s private GitHub repositories, BleepingComputer reports. From the report: This evening, a hacker going by the name Shiny Hunters contacted BleepingComputer to tell us they had hacked into the Microsoft GitHub account, gaining full acce…
2020-05-09
Maciek Strömich:
yeah, an account that was hosting public repos or the ones meant to be public. from what I read MS is using several hundred enterprise accounts because most teams have their own private org
2020-05-24
Erik Osterman (Cloud Posse):