theOmegabit

@theomegabit@infosec.exchange
373 Followers
795 Following
1.6K Posts
AWS SA Pro | CISSP / CCSP | Security Professional | Tech enthusiast | Photographer 📸
Photography: @betapixels
Website: https://norsec.xyz
Bluesky: @theomegabit
Threads: @theomegabit
Favorite talk so far at #fwdcloudsec?
#fwdcloudsec day 🙂

The ever-repeating cycle of “ship now” biting us (people in general) in the ass.

Sometimes it’s worth slowing down, even if only for a moment.

https://www.bleepingcomputer.com/news/security/asana-warns-mcp-ai-feature-exposed-customer-data-to-other-orgs/

Asana warns MCP AI feature exposed customer data to other orgs

Work management platform Asana is warning users of its new Model Context Protocol (MCP) feature that a flaw in its implementation potentially led to data exposure from their instances to other users and vice versa.

BleepingComputer

There’s a decent amount of talk and research on specific AWS API calls that aren’t logged to CloudTrail, but is there an all-encompassing list (on GitHub, hopefully) that covers everything currently known?

#awssecurity

Remote Code Execution on 40,000 WiFi alarm clocks

While looking for an API to use with Home Assistant, I found a remote code execution vulnerability in a popular WiFi-connected alarm clock.

Marketplace Takeover: How We Could’ve Taken Over Every Developer Using a VSCode Fork; Putting Millions at Risk

TL;DR: We discovered a critical vulnerability in open-vsx.org, the open-source VS Code extensions marketplace powering popular VSCode forks like Cursor, Windsurf and VSCodium, used by over 8,000,000…

Koi Security

Cool Cloud Security learning challenge from Wiz

#cloudsecurity

https://www.cloudsecuritychampionship.com/

The Ultimate Cloud Security Championship | 12 Months × 12 Challenges

Join our monthly cloud security CTF challenge, built by top Wiz researchers. Solve real-world scenarios and rise to the top of the leaderboard.

🚨 We scanned GitHub and found *hundreds* of valid secrets, 4 of the top 5 were AI-related:
HuggingFace, Azure OpenAI, Weights & Biases, and Groq.

Read more:
https://www.wiz.io/blog/leaking-ai-secrets-in-public-code

Minor annoyance - it looks like AWS renamed “Security Hub” of years past to “Security Hub CSPM” and then re-used “Security Hub” for this new functionality.

#awssecurity

https://aws.amazon.com/blogs/aws/unify-your-security-with-the-new-aws-security-hub-for-risk-prioritization-and-response-at-scale-preview/

Unify your security with the new AWS Security Hub for risk prioritization and response at scale (Preview) | Amazon Web Services

AWS Security Hub has been enhanced with new capabilities that integrate multiple AWS security services to automatically discover resources, evaluate risks, analyze attack paths, and provide AI-assisted recommendations, helping security teams prioritize critical issues and respond to threats at scale with improved visualization and remediation guidance.

Amazon Web Services