Tag: cloudsecurity

A step-by-step guide on how to identify Log4j vulnerabilities on Windows machines using log4jscanwin

Developers may sometimes, accidentally or due to the lack of security knowledge, store secrets, keys or passwords within code repositories. These may then get leaked over the Internet, resulting in attackers taking over accounts or accessing sensitive information. This article describes how you can scan your Github org repos for secrets.

An authentication bypass within Apache Airflow allowed an attacker to login as any user in the Airflow system. Post exploitation within the app, led to a full cloud account compromise on AWS.

A quick technical analysis of the AWS CloudShell service that provides a pre-configured shell on the cloud with access to your AWS account.

A new vulnerability named CVE-2020-15257 has been discovered in the networking namespace. Our blog covers the details.

Multi factor authentication (MFA) provides an additional layer of security and must be enabled whenever possible. In this article we go through the detailed steps to enable MFA for an AWS account Root user.