home.social

#cloudsecurity โ€” Public Fediverse posts

Live and recent posts from across the Fediverse tagged #cloudsecurity, aggregated by home.social.

  1. ๐ŸŸฆ Entra Tenant Governance | Find Configuration Drift

    New preview lets admins detect tenant configuration drift natively across Entra and related services. ๐Ÿ”น

    Define JSON baselines as configuration as code and create scheduled monitors. Monitors run every six hours and produce run summaries and detailed drift objects with property level diffs. Govern external tenants via B2B signals and role based templates from a single admin center. ๐Ÿ’ก

    ๐Ÿ’ก Configuration as code baseline
    ๐Ÿ” Six hour monitor interval
    โš–๏ธ Cross tenant governance via B2B signals

    โ–ถ๏ธŽ hubsite365.com/en-ww/pro-offic

  2. ๐ŸŸฆ Entra Tenant Governance | Find Configuration Drift

    New preview lets admins detect tenant configuration drift natively across Entra and related services. ๐Ÿ”น

    Define JSON baselines as configuration as code and create scheduled monitors. Monitors run every six hours and produce run summaries and detailed drift objects with property level diffs. Govern external tenants via B2B signals and role based templates from a single admin center. ๐Ÿ’ก

    ๐Ÿ’ก Configuration as code baseline
    ๐Ÿ” Six hour monitor interval
    โš–๏ธ Cross tenant governance via B2B signals

    โ–ถ๏ธŽ hubsite365.com/en-ww/pro-offic

    #MICROSOFTENTRA #IDENTITYSECURITY #ZEROTRUST #CLOUDSECURITY

  3. ๐Ÿšจ Attackers donโ€™t break in anymore โ€” they log in.

    Weak Entra roles, shadow admins & legacy access paths are the real targets.

    ๐Ÿ‘‰ 7asecurity.com/blog/2026/05/en

  4. New #CloudSecTidbits explores how misconfigured AWS ELBs can silently break security boundaries through rule shadowing, CloudFront/WAF bypasses, and alternate routing paths.

    Weโ€™re also releasing ELBaph โ€” a new read-only tool to map ELB routing graphs, detect exposed paths, and surface real-world attack chains across ALBs/NLBs.

    blog.doyensec.com/2026/05/25/c

    #AppSec #Doyensec #AWS #CloudSecurity #AppSec #SecurityResearch

  5. New #CloudSecTidbits explores how misconfigured AWS ELBs can silently break security boundaries through rule shadowing, CloudFront/WAF bypasses, and alternate routing paths.

    Weโ€™re also releasing ELBaph โ€” a new read-only tool to map ELB routing graphs, detect exposed paths, and surface real-world attack chains across ALBs/NLBs.

    blog.doyensec.com/2026/05/25/c

    #AppSec #Doyensec #AWS #CloudSecurity #AppSec #SecurityResearch

  6. ๐Ÿ” ๐—ฅ๐—˜๐—Ÿ๐—œ๐—”๐—ก๐—ข๐—œ๐—— will be attending ๐—œ๐—ป๐—ณ๐—ผ๐˜€๐—ฒ๐—ฐ๐˜‚๐—ฟ๐—ถ๐˜๐˜† ๐—˜๐˜‚๐—ฟ๐—ผ๐—ฝ๐—ฒ ๐Ÿฎ๐Ÿฌ๐Ÿฎ๐Ÿฒ in London from June 2โ€“4!

    As one of ๐˜Œ๐˜ถ๐˜ณ๐˜ฐ๐˜ฑ๐˜ฆโ€™๐˜ด ๐˜ญ๐˜ฆ๐˜ข๐˜ฅ๐˜ช๐˜ฏ๐˜จ ๐˜ค๐˜บ๐˜ฃ๐˜ฆ๐˜ณ๐˜ด๐˜ฆ๐˜ค๐˜ถ๐˜ณ๐˜ช๐˜ต๐˜บ ๐˜ฆ๐˜ท๐˜ฆ๐˜ฏ๐˜ต๐˜ด, Infosecurity Europe brings together security professionals, innovators, and decision-makers to explore the future of cyber resilience, cloud security, AI-driven protection, Zero Trust, and more.

    relianoid.com/about-us/events/

  7. ๐Ÿšจ Lambda Watchdog CVE Report ๐Ÿšจ
    Latest AWS Lambda image scan detected 26 CVEs across 26 images:
    โ€ข ๐Ÿ”ด Critical: 3
    โ€ข ๐ŸŸ  High: 11
    โ€ข ๐ŸŸก Medium: 11
    โ€ข ๐Ÿ”ต Low: 1

    Check the full report ๐Ÿ‘‰ lambdawatchdog.com/

  8. ๐Ÿšจ Lambda Watchdog CVE Report ๐Ÿšจ
    Latest AWS Lambda image scan detected 26 CVEs across 26 images:
    โ€ข ๐Ÿ”ด Critical: 3
    โ€ข ๐ŸŸ  High: 11
    โ€ข ๐ŸŸก Medium: 11
    โ€ข ๐Ÿ”ต Low: 1

    Check the full report ๐Ÿ‘‰ lambdawatchdog.com/
    #AWS #Lambda #CVE #CloudSecurity #Serverless

  9. ๐Ÿšจ Lambda Watchdog CVE Report ๐Ÿšจ
    Latest AWS Lambda image scan detected 26 CVEs across 26 images:
    โ€ข ๐Ÿ”ด Critical: 3
    โ€ข ๐ŸŸ  High: 11
    โ€ข ๐ŸŸก Medium: 11
    โ€ข ๐Ÿ”ต Low: 1

    Check the full report ๐Ÿ‘‰ lambdawatchdog.com/
    #AWS #Lambda #CVE #CloudSecurity #Serverless

  10. ๐Ÿšจ Lambda Watchdog CVE Report ๐Ÿšจ
    Latest AWS Lambda image scan detected 26 CVEs across 26 images:
    โ€ข ๐Ÿ”ด Critical: 3
    โ€ข ๐ŸŸ  High: 11
    โ€ข ๐ŸŸก Medium: 11
    โ€ข ๐Ÿ”ต Low: 1

    Check the full report ๐Ÿ‘‰ lambdawatchdog.com/
    #AWS #Lambda #CVE #CloudSecurity #Serverless

  11. ๐Ÿšจ Lambda Watchdog CVE Report ๐Ÿšจ
    Latest AWS Lambda image scan detected 26 CVEs across 26 images:
    โ€ข ๐Ÿ”ด Critical: 3
    โ€ข ๐ŸŸ  High: 11
    โ€ข ๐ŸŸก Medium: 11
    โ€ข ๐Ÿ”ต Low: 1

    Check the full report ๐Ÿ‘‰ lambdawatchdog.com/
    #AWS #Lambda #CVE #CloudSecurity #Serverless

  12. $148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud allowing to configure privileged workflows leading to full #RCE in Google Cloud production (CVE-2026-2031)
    #CloudSecurity #BugBountyTips
    ๐Ÿ‘‡
    brutecat.com/articles/google-c

  13. $148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud allowing to configure privileged workflows leading to full #RCE in Google Cloud production (CVE-2026-2031)
    #CloudSecurity #BugBountyTips
    ๐Ÿ‘‡
    brutecat.com/articles/google-c

  14. $148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud allowing to configure privileged workflows leading to full #RCE in Google Cloud production (CVE-2026-2031)
    #CloudSecurity #BugBountyTips
    ๐Ÿ‘‡
    brutecat.com/articles/google-c

  15. $148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud allowing to configure privileged workflows leading to full #RCE in Google Cloud production (CVE-2026-2031)
    #CloudSecurity #BugBountyTips
    ๐Ÿ‘‡
    brutecat.com/articles/google-c

  16. $148,337 #BugBounty paid by Google to a researcher (@brutecat) who found debug endpoints on Google Cloud allowing to configure privileged workflows leading to full #RCE in Google Cloud production (CVE-2026-2031)
    #CloudSecurity #BugBountyTips
    ๐Ÿ‘‡
    brutecat.com/articles/google-c

  17. Shashwat Sehgal, CEO & Co-Founder of P0 Security, warns that AI agents are recreating the same access problems that broke early cloud security.

    ๐Ÿ” Broad standing permissions are returning
    ๐Ÿ” Visibility alone does not reduce blast radius
    ๐Ÿ” Runtime governance matters more than authentication

    โ€œThe organizations that avoid repeating the cloud security cycle will be the ones that treat agents as a new class of privileged non-human identity from day one.โ€

    technadu.com/ai-agents-are-rec

    #Cybersecurity #AISecurity #IdentitySecurity #CloudSecurity #AIAgents

  18. Shashwat Sehgal, CEO & Co-Founder of P0 Security, warns that AI agents are recreating the same access problems that broke early cloud security.

    ๐Ÿ” Broad standing permissions are returning
    ๐Ÿ” Visibility alone does not reduce blast radius
    ๐Ÿ” Runtime governance matters more than authentication

    โ€œThe organizations that avoid repeating the cloud security cycle will be the ones that treat agents as a new class of privileged non-human identity from day one.โ€

    technadu.com/ai-agents-are-rec

    #Cybersecurity #AISecurity #IdentitySecurity #CloudSecurity #AIAgents

  19. Shashwat Sehgal, CEO & Co-Founder of P0 Security, warns that AI agents are recreating the same access problems that broke early cloud security.

    ๐Ÿ” Broad standing permissions are returning
    ๐Ÿ” Visibility alone does not reduce blast radius
    ๐Ÿ” Runtime governance matters more than authentication

    โ€œThe organizations that avoid repeating the cloud security cycle will be the ones that treat agents as a new class of privileged non-human identity from day one.โ€

    technadu.com/ai-agents-are-rec

    #Cybersecurity #AISecurity #IdentitySecurity #CloudSecurity #AIAgents

  20. Shashwat Sehgal, CEO & Co-Founder of P0 Security, warns that AI agents are recreating the same access problems that broke early cloud security.

    ๐Ÿ” Broad standing permissions are returning
    ๐Ÿ” Visibility alone does not reduce blast radius
    ๐Ÿ” Runtime governance matters more than authentication

    โ€œThe organizations that avoid repeating the cloud security cycle will be the ones that treat agents as a new class of privileged non-human identity from day one.โ€

    technadu.com/ai-agents-are-rec

    #Cybersecurity #AISecurity #IdentitySecurity #CloudSecurity #AIAgents

  21. Shashwat Sehgal, CEO & Co-Founder of P0 Security, warns that AI agents are recreating the same access problems that broke early cloud security.

    ๐Ÿ” Broad standing permissions are returning
    ๐Ÿ” Visibility alone does not reduce blast radius
    ๐Ÿ” Runtime governance matters more than authentication

    โ€œThe organizations that avoid repeating the cloud security cycle will be the ones that treat agents as a new class of privileged non-human identity from day one.โ€

    technadu.com/ai-agents-are-rec

    #Cybersecurity #AISecurity #IdentitySecurity #CloudSecurity #AIAgents

  22. ๐Ÿšจ Lambda Watchdog CVE Report ๐Ÿšจ
    Latest AWS Lambda image scan detected 26 CVEs across 26 images:
    โ€ข ๐Ÿ”ด Critical: 3
    โ€ข ๐ŸŸ  High: 11
    โ€ข ๐ŸŸก Medium: 11
    โ€ข ๐Ÿ”ต Low: 1

    Check the full report ๐Ÿ‘‰ lambdawatchdog.com/

  23. ๐Ÿšจ Lambda Watchdog CVE Report ๐Ÿšจ
    Latest AWS Lambda image scan detected 26 CVEs across 26 images:
    โ€ข ๐Ÿ”ด Critical: 3
    โ€ข ๐ŸŸ  High: 11
    โ€ข ๐ŸŸก Medium: 11
    โ€ข ๐Ÿ”ต Low: 1

    Check the full report ๐Ÿ‘‰ lambdawatchdog.com/
    #AWS #Lambda #CVE #CloudSecurity #Serverless

  24. CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. ๐Ÿ”“
    A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. โ˜๏ธ

    ๐Ÿ”— techcrunch.com/2026/05/19/us-c

    #TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal

  25. CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. ๐Ÿ”“
    A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. โ˜๏ธ

    ๐Ÿ”— techcrunch.com/2026/05/19/us-c

    #TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal

  26. CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. ๐Ÿ”“
    A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. โ˜๏ธ

    ๐Ÿ”— techcrunch.com/2026/05/19/us-c

    #TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal

  27. CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. ๐Ÿ”“
    A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. โ˜๏ธ

    ๐Ÿ”— techcrunch.com/2026/05/19/us-c

    #TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal

  28. CISA exposed plaintext passwords, cloud keys, and access tokens in a public GitHub repository tied to a government contractor account. ๐Ÿ”“
    A researcher confirmed some credentials were valid, raising concerns over federal cloud security and contractor oversight at the US cyber agency. โ˜๏ธ

    ๐Ÿ”— techcrunch.com/2026/05/19/us-c

    #TechNews #CISA #Cybersecurity #GitHub #CloudSecurity #Passwords #Infosec #Privacy #Security #DataBreach #OpenSource #GovTech #Cloud #USA #US #Tech #Government #Federal

  29. Der Vorfall sorgt nicht nur wegen des politischen Hintergrunds fรผr Aufmerksamkeit, sondern zeigt erneut die wachsenden Risiken moderner Cybersecurity- und Datenschutzprobleme im Bereich Cloud-Infrastruktur und Third-Party-Risk-Management. ๐Ÿ‘‡

    #trumpmobile #datenleck #cybersecurity #datenschutz #databreach #itsicherheit #cyberangriff #cloudsecurity #security #datenpanne #cloud #privacy #infosec #kundendaten #mobilfunk #trump

    teufelswerk.net/trump-mobile-d

  30. ๐Ÿ“ฐ Nation-State Actors Weaponize Open-Source ROADtools for Azure Cloud Attacks, Bypassing MFA and Persisting in Networks

    ๐Ÿšจ Cloud Attack Alert: Nation-states are weaponizing the open-source ROADtools framework to attack Azure environments. Unit 42 breaks down how they achieve persistence & bypass MFA. #ROADtools #Azure #CloudSecurity #EntraID

    ๐ŸŒ cyber[.]netsecops[.]io

    ๐Ÿ”— cyber.netsecops.io/articles/ro

  31. I'm now GNA 119 under CIRCL's GCVE system โ€” a decentralized vulnerability
    identification authority. I have authority to mint vulnerability
    identifiers for cloud findings, including ones where vendor CNAs decline
    to issue CVEs.

    I could start assigning IDs to my own research today. I won't.

    Cloud vulnerability validation shouldn't be one person's judgment. Mine
    or anyone else's.

    I'm forming a consensus panel of practitioners for each major cloud
    platform โ€” AWS, GCP, Azure, and managed services. GCVE-119 allocations
    will go through panel review, not solo decisions.

    Charter, scope, and membership criteria coming. Community input on
    structure welcome before anything is finalized.

    Background on GCVE and the cloud finding gap:
    olearysec.com/gcve/

    #infosec #vulnerability #GCVE #cloudsecurity #security

  32. I'm now GNA 119 under CIRCL's GCVE system โ€” a decentralized vulnerability
    identification authority. I have authority to mint vulnerability
    identifiers for cloud findings, including ones where vendor CNAs decline
    to issue CVEs.

    I could start assigning IDs to my own research today. I won't.

    Cloud vulnerability validation shouldn't be one person's judgment. Mine
    or anyone else's.

    I'm forming a consensus panel of practitioners for each major cloud
    platform โ€” AWS, GCP, Azure, and managed services. GCVE-119 allocations
    will go through panel review, not solo decisions.

    Charter, scope, and membership criteria coming. Community input on
    structure welcome before anything is finalized.

    Background on GCVE and the cloud finding gap:
    olearysec.com/gcve/

    #infosec #vulnerability #GCVE #cloudsecurity #security

  33. Researchers say deleted Google API keys may stay active for up to 23 minutes due to cloud propagation delays.

    The issue could reportedly allow continued access to Gemini uploads, APIs, and cloud resources after key deletion.

    technadu.com/google-api-keys-r

    #Cybersecurity #CloudSecurity #GoogleCloud #APIKeys

  34. Researchers say deleted Google API keys may stay active for up to 23 minutes due to cloud propagation delays.

    The issue could reportedly allow continued access to Gemini uploads, APIs, and cloud resources after key deletion.

    technadu.com/google-api-keys-r

    #Cybersecurity #CloudSecurity #GoogleCloud #APIKeys

  35. Researchers say deleted Google API keys may stay active for up to 23 minutes due to cloud propagation delays.

    The issue could reportedly allow continued access to Gemini uploads, APIs, and cloud resources after key deletion.

    technadu.com/google-api-keys-r

    #Cybersecurity #CloudSecurity #GoogleCloud #APIKeys

  36. Researchers say deleted Google API keys may stay active for up to 23 minutes due to cloud propagation delays.

    The issue could reportedly allow continued access to Gemini uploads, APIs, and cloud resources after key deletion.

    technadu.com/google-api-keys-r

    #Cybersecurity #CloudSecurity #GoogleCloud #APIKeys

  37. ๐Ÿšจ Lambda Watchdog CVE Report ๐Ÿšจ
    Latest AWS Lambda image scan detected 43 CVEs across 26 images:
    โ€ข ๐Ÿ”ด Critical: 3
    โ€ข ๐ŸŸ  High: 15
    โ€ข ๐ŸŸก Medium: 23
    โ€ข ๐Ÿ”ต Low: 2

    Check the full report ๐Ÿ‘‰ lambdawatchdog.com/

  38. ๐Ÿšจ Lambda Watchdog CVE Report ๐Ÿšจ
    Latest AWS Lambda image scan detected 43 CVEs across 26 images:
    โ€ข ๐Ÿ”ด Critical: 3
    โ€ข ๐ŸŸ  High: 15
    โ€ข ๐ŸŸก Medium: 23
    โ€ข ๐Ÿ”ต Low: 2

    Check the full report ๐Ÿ‘‰ lambdawatchdog.com/
    #AWS #Lambda #CVE #CloudSecurity #Serverless

  39. ๐Ÿšจ Lambda Watchdog CVE Report ๐Ÿšจ
    Latest AWS Lambda image scan detected 43 CVEs across 26 images:
    โ€ข ๐Ÿ”ด Critical: 3
    โ€ข ๐ŸŸ  High: 15
    โ€ข ๐ŸŸก Medium: 23
    โ€ข ๐Ÿ”ต Low: 2

    Check the full report ๐Ÿ‘‰ lambdawatchdog.com/
    #AWS #Lambda #CVE #CloudSecurity #Serverless

  40. Google API Keys Remain Usable for 23 Minutes After Deletion

    Deleting a Google API key doesn't mean it's immediately useless to hackers - in fact, our experiments show it can remain active for up to 23 minutes, allowing attackers to continue misusing it even after you've tried to revoke access.

    osintsights.com/google-api-key

    #CloudSecurity #ApiKeyManagement #CredentialMisuse #EmergingThreats #GoogleApiKeys