fwd:cloudsec Europe
66% of AWS account compromises are caused by leaked IAM access tokens. A third of them belong to root users. TL;DR: Stop using long-lived tokens!
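
One way to find the long-lived keys in your own account is to audit the IAM credential report. This is an added example, not taken from the talk or any linked project. The sample report is constructed and carries only a subset of the real report's columns, and the 90-day age threshold is an assumption to adjust to your own rotation policy.

```python
import csv
import io
from datetime import datetime, timezone

# Constructed sample using column names from the IAM credential report (subset only).
SAMPLE_REPORT = """user,arn,access_key_1_active,access_key_1_last_rotated,access_key_2_active,access_key_2_last_rotated
<root_account>,arn:aws:iam::111122223333:root,true,2021-03-01T10:00:00+00:00,false,N/A
ci-deploy,arn:aws:iam::111122223333:user/ci-deploy,true,2023-01-15T08:30:00+00:00,false,N/A
alice,arn:aws:iam::111122223333:user/alice,true,2025-05-20T12:00:00+00:00,false,N/A
bob,arn:aws:iam::111122223333:user/bob,false,2020-01-01T00:00:00+00:00,false,N/A
"""


def audit_access_keys(report_csv, now, max_age_days=90):
    """Return (user, key_slot, issue, age_days) for risky active access keys.

    Any active root key is flagged regardless of age; for other users a key is
    flagged when it is older than max_age_days (assumed threshold) or when its
    rotation date is missing.
    """
    findings = []
    for row in csv.DictReader(io.StringIO(report_csv)):
        for slot in ("1", "2"):
            if row.get(f"access_key_{slot}_active") != "true":
                continue  # inactive or absent keys cannot be used if leaked
            rotated = row.get(f"access_key_{slot}_last_rotated") or "N/A"
            age = None
            if rotated != "N/A":
                age = (now - datetime.fromisoformat(rotated)).days
            if row["user"] == "<root_account>":
                findings.append((row["user"], slot, "root-access-key", age))
            elif age is None or age > max_age_days:
                findings.append((row["user"], slot, "long-lived-key", age))
    return findings


if __name__ == "__main__":
    # Fixed "now" so the constructed sample gives stable output.
    now = datetime(2025, 6, 1, tzinfo=timezone.utc)
    for user, slot, issue, age in audit_access_keys(SAMPLE_REPORT, now):
        print(f"{user}: access key {slot} -> {issue} (age: {age} days)")
```
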
Links
- https://www.stepsecurity.io/blog/harden-runner-detection-tj-actions-changed-files-action-is-compromised
- https://github.com/step-security/harden-runner
- https://github.com/reverseclabs/strifebot
- https://github.com/prowler-cloud/prowler
- https://github.com/pushsecurity/saas-attacks
- https://github.com/gitguardian/ggcanary