DevSecOps Weekly Newsletter, Zeno, a FAUN Newsletter. π View in your browser Β |Β βοΈ Publish on FAUN.dev Β |Β π¦ Become a sponsor
Zeno
Curated DevSecOps news, tutorials, tools and more!
π The Opening Call
ππ Tech Enthusiasts, Assemble! ππ
Calling all DevOps heroes, Kubernetes sailors, Golang wizards, and Cloud-natives! π
FAUN has Subreddits just waiting for you. Join the community, where sharing is caring, and knowledge is limitless! π
- π» Live and breathe DevOps? Join DevOpsLinks!
- β Mastering the K8s? Set sail on KubernetesLinks!
- πΉ Go-ing crazy for Go? Get in on GolangLinks!
- π Got security woven into your code? Secure your spot at DevSecOpsLinks!
- π Pythonista at heart? Slither into PythonLinks!
- π€ Curious about AIβs endless possibilities? Get smart with AILinks!
- βοΈ Navigating the Cloud-native space? Soar through CloudNativeLinks!
- π‘ Got code in your veins? Share your snippets at ProgrammingLinks!
- π©οΈ Mastering the Azure skies? Fly high at AzureLinks!
- π Exploring Google's cloud horizon? Discover wonders at GoogleCloudLinks!
- π¦οΈ Sailing through Amazon's vast cloud? Embark on AWSLinks!
- β‘ Harnessing the power of Serverless? Energize at ServerlessLinks!
Engage in thought-provoking discussions, share your mighty projects, soak in wisdom from industry gurus, and forge bonds with tech aficionados around the globe! πππ¬
The realms of knowledge are infinite β let's explore them together! ππ₯
βΉοΈ News, Updates & Announcements
cloud.google.com
Google Kubernetes Engine (GKE) has announced the availability of its security posture dashboard, which offers a streamlined interface for managing the security of GKE clusters. The dashboard includes features such as misconfiguration detection and vulnerability scanning to ensure the safety and security of applications in large and complex clusters.
π Stories, Tutorials & Articles
labs.hakaioffsec.com
Nginx, a dominant web server since 2004, is widely used across websites and Docker containers. This article explores Nginx's intricacies, including the location and alias directives, potential vulnerabilities arising from misconfigurations, and real-world case studies showcasing the risk of data exposure.
www.wiz.io
Reduce privilege and tighten IAM policy by identifying and removing unnecessary access keys, using IAM access advisor for service level adjustments, and considering alternative authentication solutions to minimize risk associated with AWS access keys.
positive.security
Auto-GPT arbitrary code execution and docker escape: Researchers discovered a vulnerability in Auto-GPT that allowed attackers to execute arbitrary code by injecting prompts and manipulating the user approval process. They also found a method to escape the Auto-GPT docker image and gain access to the host system. These vulnerabilities were addressed in version 0.4.3.
x64.sh
A vulnerability in ServiceNow allows a low-privilege user to gain unauthorized full administrative access to the platform. By exploiting certain vulnerabilities, such as insecure access control and session token manipulation, an attacker can escalate their privileges from a standard user to an administrator on the ServiceNow instance.
obkio.com
Unleash your inner network admin and conquer the mystery of packet duplication in the digital landscape of modern business. Learn how to identify and mitigate packet duplication to maintain data integrity and optimize network performance.
kubernetes.io
Confidential computing, using hardware-enforced trusted execution environments (TEEs) like secure enclaves, improves cluster security in the cloud-native ecosystem, particularly in Kubernetes. TEEs provide a secure and trusted execution environment for critical cryptographic operations and protect sensitive data, while technologies like AMD SEV, Intel SGX, and Intel TDX offer TEE capabilities that are closely integrated with the userspace, providing low overhead and specific use case optimizations.
security.googleblog.com
The rise in supply chain attacks on software has made it crucial for open-source developers using Go to monitor and assess the risks of their dependencies. Go provides built-in protections to help trust the integrity of packages, including the ability to detect and prevent malicious versions or withdrawals of dependencies.
www.gosecure.net
The Microsoft SQL Server has an undocumented design choice that allows it to bypass web application firewalls (WAFs) due to a lax attitude towards SQL parsers. This unorthodox design choice can potentially be exploited by hackers to bypass security protections provided by WAFs.
blogs.manageengine.com
Late in May, a SQL injection vulnerability was discovered in the file sharing application Moveit Transfer, leading to a potential breach of high-profile customer data. The Clop ransomware gang is believed to be behind the attack, using the exploit to target multiple organizations.
media.defense.gov
This CSI explains how to integrate security best practices into typical software development and operations (DevOps) Continuous Integration/Continuous Delivery (CI/CD) environments, without regard for the specific tools being adapted, and leverages several forms of government guidance to collect and present proper security and privacy controls to harden CI/CD cloud deployments. As evidenced by increasing compromises over time, software supply chains and CI/CD environments are attractive targets for malicious cyber actors (MCAs).
β Supporters
leanpub.com
We are thrilled to announce a special offer for our widely acclaimed book, "Cloud Native Microservices With Kubernetes - A Comprehensive Guide to Building, Scaling, Deploying, Observing, and Managing Highly-Available Microservices in Kubernetes".
Starting today and running until July 31st, we're offering an exclusive 20% discount off the regular price!
To take advantage of this offer, simply use this coupon link .
Don't miss this opportunity. Remember, the offer is only valid until July 31st. Grab your copy now and unlock the full potential of cloud-native microservices with Kubernetes!
We look forward to empowering your journey in the world of cloud computing!
Happy learning!
FAUN Team
ποΈ Swag, Deals, And Offers
βοΈ Tools, Apps & Software
github.com
GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems
github.com
EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.
π€ Did you know?
The Apollo 11 guidance computer, which helped land humans on the moon, had less processing power than a modern-day smartphone.
π Meme of the week
