DevSecOps Weekly Newsletter, Zeno, a FAUN Newsletter. ๐ View in your browser ย |ย โ๏ธ Publish on FAUN.dev ย |ย ๐ฆ Become a sponsor
Zeno
Curated DevSecOps news, tutorials, tools and more!
โญ Patrons
bridgecrew.io
Address cloud security issues right from your CI/CD pipeline, enable automated scanning and inline fixes, and ship secure code fast with Bridgecrew.
goteleport.com
The open-source Teleport Access Plane consolidates connectivity, authentication, authorization, and audit into a single platform. Teleport's unique approach is not only more secure but also improves developer productivity. Get started today.
๐พ From FAUNers
faun.dev
๐ Stories, Tutorials & Articles
bulletproof.co.uk
This blog will help you understand the importance of data retention, as well as how long personal data should be stored and the consequences of holding onto data for longer than necessary.
networkcomputing.com
In an increasingly perilous world, zero trust for network user verification is more than just a good ideaโit's essential.
lightspin.io
Lightspin obtains credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance using the log_fdw extension.
amazon.com
In this post, you will see how easy it is to secure your VGS Inbound and Outbound Connections using the VGS software-as-a-service (SaaS) solution, which enables you to collect, protect, and exchange any type of sensitive information.
csoonline.com
Sigma rules allow you to detect anomalies in log events and identify suspicious activity.
geekflare.com
MITM attacks allow perpetrators to eavesdrop on the communication between a user and an application while making it look as though the communication is proceeding as it should.
cyble.com
Cyble analyzes the instances of misconfigured Kubernetes clusters and how they could potentially be exploited by Threat Actors.
earthly.dev
Cuelang is an extension of YAML and a command-line tool to validate your YAMl file . It is a static type system for configuration . It can be used to detect problems before they happens.
๐บ Quick Hits
โจ Join us for the 7th edition of ContainerDays Hybrid - Europeโs flagship conference gathering cloud-native enthusiasts from around the world. Networking opportunity & great learning experience you can't miss!
Red Hat released the 2022 State of Kubernetes report based on survey results from over 300 DevOps, engineering, and security professionals. 93% experienced at least one security incident in their Kubernetes environments in the last 12 months, leading to revenue or customer loss for 69%.ย
A new report from Cisco Talos Intelligence Group exposes new tools used in Avos ransomware attacks: The Avos ransomware threat actor has recently updated its tooling, not only using malicious software but also commercial products.
Microsoft has incorporated additional improvements to address the recently disclosed SynLapse security vulnerability in order to meet comprehensive tenant isolation requirements in Azure Data Factory and Azure Synapse Pipelines.
Cloud Armor strengthens its defenses with new features to counter advanced L7 attacks and block malicious bots.
Microsoft announced that the new Microsoft Certified: Cybersecurity Architect Expert certification is now generally available. To earn this certification, you must pass Exam SC-100: Microsoft Cybersecurity Architect, along with one of the prerequisite exams.
Russiaโs invasion of Ukraine shows the importance of supporting infrastructure in countries vulnerable to nation-state cyberattacks, US and EU officials said.
A remote memory-corruption vulnerability has been disclosed in the latest version of the OpenSSL library. The issue has been identified in OpenSSL version 3.0.4, which was released on June 21, 2022, and impacts x64 systems with the AVX-512 instruction set.
๐ฆ Videos, Talks & Presentations
youtube.com
This video is about Kubernetes cluster scanning. Specifically, you are going to use first the Trivy CLI and then the Trivy Operator to scan your cluster for security issues including vulnerabilities and misconfiguration.
โ๏ธ Tools, Apps & Software
github.com
Run individual controls or full compliance benchmarks for CIS, PCI, NIST, HIPAA and more across all of your AWS accounts using Steampipe.
github.com
An open project to list all publicly known cloud vulnerabilities and CSP security issues
github.com
Linux eBPF backdoor over TCP. Spawn reverse shells, RCE, on prior privileged access. Less Honkin, More Tonkin.