• VayFul®
  • Posts
  • CloudSec Wednesday: Bug Hunting In VMware, AWS Security, Security Logging in Cloud Environments, Purple Cloud, NVIDIA GPU Vulnerability

CloudSec Wednesday: Bug Hunting In VMware, AWS Security, Security Logging in Cloud Environments, Purple Cloud, NVIDIA GPU Vulnerability

Cybersecurity — For Security Professionals

Hey! James here.

Today’s edition covers Cloud Security, Container Security and DevSecOps Practices:

  • 📝 Using Lightweight Formal Methods to Validate a Key-Value Storage Node in Amazon S3, Security Logging in Cloud Environments - AWS!

  • 🔥 PurpleCloud, Amazon identified internet domains abused by APT29, NVIDIA GPU Display Driver vulnerability!

  • 🧠 Breaching AWS Through Shadow Resources, Bug Hunting In VMware Device Virtualization!

  • And more…

First time reading? Sign up here.

📰 Top Security News

  • NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability (AWS)

  • Amazon identified internet domains abused by APT29 | AWS Security (AWS)

  • Amazon seizes domains used in rogue Remote Desktop campaign to steal data (Bleepingcomputer)

📝 Best Of Blogs

  • Using Lightweight Formal Methods to Validate a Key-Value Storage Node in Amazon S3 (AWS)

  • Secrets and Shadows: Leveraging Big Data for Vulnerability Discovery at Scale APT29(Billdemirkapi)

  • Security Logging in Cloud Environments - AWS (Marco Lancini)

🧠 Learning Resources

🛠️ Tools

  • PurpleCloud: A little tool to play with Azure Identity Azure Active Directory lab creation tool. (GitHub)

  • Git-remote-s3: This library enables to use Amazon S3 as a git remote and LFS server. (Watchdog)

  • Gcp-ctf-workshop: A hitchhiker's guide to a Google Cloud CTF. (GitHub)

⚡️ Misc

  • Open Sourcing Venator. a kubernetes-native threat detection(Detect)

  • Leverage IAM Roles for email sending via SES from EC2 and eliminate a  common credential risk (AWS)

  • Security research on Private Cloud Compute (Apple Security Research)

🎯 Favorite Quote

“Life is really simple, but we insist on making it complicated.”
- Confucius

💡 ABOUT VAYFUL®

Vayful® is a cybersecurity newsletter that curates the best cybersecurity news, research, tools, blogs, talks, tutorials, and learning resources — specially handpicked for security professionals. The content is curated with love by security professionals.

Enjoyed this newsletter? Friends don’t keep good things to themselves - forward this to your friends and have them sign up here!

Did someone forward this email to you? Become a subscriber!

Have feedback or questions? Just hit reply and let us know.