- VayFul®
- Posts
- CloudSec Wednesday: Bug Hunting In VMware, AWS Security, Security Logging in Cloud Environments, Purple Cloud, NVIDIA GPU Vulnerability
CloudSec Wednesday: Bug Hunting In VMware, AWS Security, Security Logging in Cloud Environments, Purple Cloud, NVIDIA GPU Vulnerability
Cybersecurity — For Security Professionals
Hey! James here.
Today’s edition covers Cloud Security, Container Security and DevSecOps Practices:
📝 Using Lightweight Formal Methods to Validate a Key-Value Storage Node in Amazon S3, Security Logging in Cloud Environments - AWS!
🔥 PurpleCloud, Amazon identified internet domains abused by APT29, NVIDIA GPU Display Driver vulnerability!
🧠 Breaching AWS Through Shadow Resources, Bug Hunting In VMware Device Virtualization!
And more…
First time reading? Sign up here.
📰 Top Security News
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability (AWS)
Amazon identified internet domains abused by APT29 | AWS Security (AWS)
Amazon seizes domains used in rogue Remote Desktop campaign to steal data (Bleepingcomputer)
📝 Best Of Blogs
Using Lightweight Formal Methods to Validate a Key-Value Storage Node in Amazon S3 (AWS)
Secrets and Shadows: Leveraging Big Data for Vulnerability Discovery at Scale APT29(Billdemirkapi)
Security Logging in Cloud Environments - AWS (Marco Lancini)
🧠 Learning Resources
Breaching AWS Through Shadow Resources (Yakir Kadkoda, Michael Katchinskiy, Ofek Itach)
Bug Hunting In VMware Device Virtualization (JiaQing Huang, Hao Zheng, Yue Liu)
Exploiting Cloud Provider Vulnerabilities for Initial Access (Nick Frichette)
🛠️ Tools
⚡️ Misc
Open Sourcing Venator. a kubernetes-native threat detection(Detect)
Leverage IAM Roles for email sending via SES from EC2 and eliminate a common credential risk (AWS)
Security research on Private Cloud Compute (Apple Security Research)
🎯 Favorite Quote
“Life is really simple, but we insist on making it complicated.”
- Confucius
💡 ABOUT VAYFUL®
Vayful® is a cybersecurity newsletter that curates the best cybersecurity news, research, tools, blogs, talks, tutorials, and learning resources — specially handpicked for security professionals. The content is curated with love by security professionals.
Enjoyed this newsletter? Friends don’t keep good things to themselves - forward this to your friends and have them sign up here!
Did someone forward this email to you? Become a subscriber!
Have feedback or questions? Just hit reply and let us know.