GitHub Actions Security Best Practices, TeamTNT Malicious Docker Image, AWS WAF Bug, NPM Malware, Discourse SNS RCE

Dragon Cloud Security Podcast

English - October 26, 2021 10:00 - 7 minutes - 5.39 MB

Intro

Welcome, dear listeners. I’m Viktor, your host, and on a weekly basis I will share news, articles, techniques and tools related to Cloud, SaaS and IaaC security. All the URLs for the news, articles and tools can be found here: https://www.buzzsprout.com/1844597

Articles

Team TNT Deploys Malicious Docker Image On Docker Hub - https://www.uptycs.com/blog/team-tnt-deploys-malicious-docker-image-on-docker-hub-with-pentesting-tools

 Attacking and Securing CI/CD Pipeline - https://speakerdeck.com/rung/cd-pipeline, https://github.com/rung/threat-matrix-cicd

 GitHub Actions Security Best Practices - https://engineering.salesforce.com/github-actions-security-best-practices-b8f9df5c75f5

 GitHub Actions for security and compliance - https://github.blog/2021-10-22-github-actions-for-security-compliance/

 How to improve your Docker containers security [cheat sheet included] - https://blog.gitguardian.com/how-to-improve-your-docker-containers-security-cheat-sheet/

 Container security best practices: Comprehensive guide - https://sysdig.com/blog/container-security-best-practices/

 Securing Kubernetes Secrets with Conjur - https://www.infracloud.io/blogs/securing-kubernetes-secrets-conjur/

 Introducing the new Azure SDK Resource Management Libraries for .NET - https://devblogs.microsoft.com/azure-sdk/introducing-the-new-azure-sdk-resource-management-libraries-for-net/

 A Scientific Notation Bug in MySQL left AWS WAF Clients Vulnerable to SQL Injection - https://www.gosecure.net/blog/2021/10/19/a-scientific-notation-bug-in-mysql-left-aws-waf-clients-vulnerable-to-sql-injection/

 Protecting Microsoft 365 from on-premises attacks - https://docs.microsoft.com/en-us/azure/active-directory/fundamentals/protect-m365-from-on-premises-attacks

 Franken-phish: TodayZoo built from other phishing kits - https://www.microsoft.com/security/blog/2021/10/21/franken-phish-todayzoo-built-from-other-phishing-kits/

 Microsoft 365 will get support for custom ARC configurations - https://www.bleepingcomputer.com/news/microsoft/microsoft-365-will-get-support-for-custom-arc-configurations/

 Managing permissions for Log Analytics and Workbooks - https://msendpointmgr.com/2021/10/23/managing-permissions-for-log-analytics-and-workbooks/

 Malware found in npm package with millions of weekly downloads - https://therecord.media/malware-found-in-npm-package-with-millions-of-weekly-downloads/

 Discourse SNS webhook RCE - https://0day.click/recipe/discourse-sns-rce/

Tools

Grype - https://github.com/anchore/grype

 AWS Lambda - IAM Access Key Disabler - https://github.com/te-papa/aws-key-disabler

 KubExplorer - https://github.com/Pscheidl/kubexplorer

 Failed logon attempts originating from public IP addresses - https://github.com/alexverboon/MDATP/blob/master/AdvancedHunting/Failed%20Logon%20-%20Public%20IP.md

 RBAC Tool For Kubernetes - https://github.com/alcideio/rbac-tool

 VirusTotal Behavior with Microsoft Sysmon Detonation - https://github.com/Azure/Azure-Sentinel-Notebooks/blob/master/VirusTotal%20File%20Behavior%20Explorer%20-%20MS%20and%20Sysmon%20detonation.ipynb

Outro

That’s all for this episode. Thank you for listening and have a secure day!