Critical Azure Vulnerabilities: Misconfigured Roles & VPN Key Leak

2025-07-02

Security researchers discovered multiple misconfigured Azure built-in roles granting excessive permissions. Coupled with a vulnerability in the Azure API allowing VPN key leaks, this creates an attack chain enabling a low-privileged user to access internal cloud assets and on-premises networks. The research details the discovery process, implications, and mitigation strategies. Ten built-in roles were found to be over-privileged, while the VPN key leak vulnerability has been patched by Microsoft. Recommendations include auditing problematic roles, using limited scopes, and creating custom roles with fine-grained permissions.


Critical AWS Tool Flaw: Privilege Escalation Vulnerability

2025-05-05

Security firm Token Security uncovered a critical vulnerability in AWS's Account Assessment tool. Intended to audit cross-account access, its deployment instructions inadvertently encouraged users to deploy the hub role in less secure accounts (like development), creating dangerous trust paths from insecure to highly sensitive environments (like production). This allowed for privilege escalation, potentially granting attackers control over the entire AWS organization. AWS fixed the issue on January 28, 2025, updating documentation to recommend deploying the hub role in an account as secure as the management account. Affected organizations should check their deployments and remediate accordingly.


Tracking Down Ownership of IaC-Generated Non-Human Identities

2025-04-09

Infrastructure as Code (IaC) tools enable rapid creation of numerous non-human identities (NHIs) in cloud environments. However, tracking the owners of these IaC-generated NHIs presents a significant challenge. This blog post explores a tag-based approach: adding tags to Terraform code to trace which files were involved in a resource's creation and thus identify the NHI's owner. While this approach faces practical hurdles such as tag inheritance and cross-platform compatibility, it offers a potential solution to the ownership problem for IaC-generated NHIs and helps DevOps teams better track and manage their IaC identities.
