User-Specific Secrets on AWS: IAM Policies ACM.82 IAM Policies to allow users to describe their own secrets This is a continuation of my series of posts on Automating Cybersecurity Metrics. In the last post, we created an SSH key for a user programatically. I created a policy for our Developer Group Role using the ${aws:username} parameter which […]
Cyber News, Cyber Threat TrendsEven as ransomware continues to be at the forefront of global news and company after company reports attacks, many still […]
Cyber News, Cyber Threat Trends
Another non-sensical Policy Document error message in CloudFormation I may have written about this before but this one of the worst error messages for Policy Documents in existence. How is an end user reading this error message supposed to know what to do with this? The policy failed legacy parsing (Service: AmazonIdentityManagement; Status Code: 400; Error […]
Cyber News, Cyber Threat Trends
AMLBot, a service that helps businesses avoid transacting with cryptocurrency wallets that have been sanctioned for cybercrime activity, said an investigation published by KrebsOnSecurity last year helped it shut down three dark web services that secretly resold its technology to help cybercrooks avoid detection by anti-money laundering systems. Antinalysis, as it existed in 2021. In […]
Cyber News, Cyber Threat Trends
ACM.81 Altering code that uses SSM Parameter Store to use AWS Secrets Manager This is a continuation of my series of posts on Automating Cybersecurity Metrics. I’ve been writing about creation of an EC2 SSH Key for use with an EC2 instance. I explained that I want to create the key in a manner that provides […]
Cyber News, Cyber Threat Trends
Tata Power Company Limited, India’s largest integrated power company, on Friday confirmed it was targeted by a cyberattack. The intrusion on IT infrastructure impacted “some of its IT systems,” the company said in a filing with the National Stock Exchange (NSE) of India. It further said it has taken steps to retrieve and restore the affected machines, […]
Cyber News, Cyber Threat TrendsIt’s aimed at children, but it’s a good primer. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here.
Cyber News, Cyber Threat TrendsWith the end of support looming, you need to plan to replace Exchange Server 2013 in the next few months, but there are more options than just upgrading. The post April is the end of Exchange 2013: Here’s what you need to know appeared first on TechRepublic.
Cyber News, Cyber Threat Trends
Details have emerged about a now-patched security flaw in Windows Common Log File System (CLFS) that could be exploited by an attacker to gain elevated permissions on compromised machines. Tracked as CVE-2022-37969 (CVSS score: 7.8), the issue was addressed by Microsoft as part of its Patch Tuesday updates for September 2022, while also noting that it was […]
Cyber News, Cyber Threat Trends