Cloud Security Partners

3️⃣ Non-voting election technologies are fundamental to our elections! Senior Policy Associate Saige Draeger will take the stage with experts from @CloudSecPartner & @EnhancedVoting for a crucial conversation on "Verifying Non-Voting Election Technology." 🔍

Looking forward to giving a webinar tomorrow on Defense-in-Depth engineering. We’ll talk through four key areas to help harden our applications and systems, including real tangible examples that folks can start utilizing right away. us02web.zoom.us/webinar/regist…

Michael McCabe de @CloudSecPartner nos explica como asegurar nuestra infraestructura con Terraform, incluyendo sus vulnerabilidades y las mejores prácticas para proteger los sistemas de IAC. youtu.be/OxtUkgs6JHc #HackGDL #HackGDL2025 #hacking #cybersecurity #Mexico

#FunFactFriday! 🌟 Did you know that you can easily set up and maintain a safe, multi-account #AWS environment with AWS Control Tower? It's like connecting with air traffic control to maintain the safety of your cloud tarmac. 🛫 ☁

If you’re in the DMV area - next week myself, @amanofwar , and others will be speaking at @CloudSecPartner “Summer Series” in Ashburn, VA. I’ll be discussing the history of AppSec, current gaps, and how AI can be leveraged to push us forward. cloudsecuritypartners.com/summer-series

Catch @mccabe615 talks tomorrow at 11 am at @hackmiami XI or 9 am on Sunday at @cackalackycon! To learn more on Remote Code Execution: How to Abuse Terraform to Elevate Access?

Wondering why we have been quiet recently? It's because we've been preparing something epic! We're excited to announce a 3-part summer conference series. The first event kicks off in June. For more details and to sign up, check out the link in the comments.

Want to dive into Infrastructure As Remote Code Execution: How to Abuse Terraform to Elevate Access? Catch @mccabe615 talks next week at @Hackmiami XI or @CackalackyCon! #InfrastructureAsCode #security

CISA has reported that a severe vulnerability in GitLab, CVE-2023-7028, is currently being exploited. This flaw permits malicious actors to redirect password reset emails to an email address of their choice, enabling potential account takeovers. darkreading.com/application-se…

In episode 3 of Cocktails & Cloud, join @forced_request as he makes the Blue Milk of Tatooine and explores 3 key #AWS Security Group practices. Secure your cloud with the Force! #MAYTHEFORCEBEWITHYOU youtube.com/watch?v=2QfqhY…

Alex went back to Highschool today! She went to talk to the students about careers in Cybersecurity. #cybersecurity #CareerGoals

Fun fact: We have a Cocktails and Cloud episode coming your way soon!

#throwbackthursday revisit #Firebase: Google Cloud’s Evil Twin, blog post analysis of Firebase's security challenges presented by SANS. The article shows how Firebase's user-friendly interface can unintentionally expose sensitive data. sans.org/blog/firebase-…

Check out our blog on Prompt Injections in #LLMs. These #vulnerabilities arise because LLMs can't differentiate between user inputs and system prompts. We discuss existing guardrails and design strategies to mitigate these risks. blog.cloudsecuritypartners.com/prompt-injecti…

This is supported by GreyNoise's findings that additional vulnerabilities require an additional untracked vulnerability. Consult Palo Alto Networks' CVE guidelines for mitigation and workaround techniques. #CVE #CyberSecurity cybersecuritydive.com/news/palo-alto…

Disabling telemetry is not an effective mitigation measure. Rapid7 determined that the exploit involves a secondary vulnerability outside of telemetry, an untracked vulnerability related to the GlobalProtect web server.

There has been an increase in attacks exploiting a command injection flaw, known as CVE-2024-3400, in the PAN-OS operating system of Palo Alto Networks' firewall. The vulnerability allows for unauthenticated code execution with elevated privileges.