AWS scans public GitHub repositories for leaked AWS credentials and alerts the user. The author intentionally leaked AWS credentials to a public GitHub repository to see what would happen. - AWS quickly added the "AWSCompromisedKeyQuarantineV2" policy to the IAM user account and informed the user vi.. read more  

In this article, a vulnerability in a DeFi project's liquidity pool is explored, caused by a denial-of-service attack vector that affects internal token balances. - The vulnerability arises when a Balancer multi-token flash loan is taken out for tokens with double entry points. - The article covers .. read more  

The author wrotes a blog post on how they reverse-engineered the Facebook Messenger API and turned it into a tutorial for others to follow. - The blog post warns against using reverse engineering for irresponsible behavior and provides examples of such behavior. - The post details a step-by-step gui.. read more  

This blog post discusses various methods to restrict SSH access to a Linux server by IP address for enhanced security, including modifying the sshd_config file, using TCP wrappers, and implementing firewall rules. The post also covers additional SSH security hardening best practices such as using a.. read more  

This blog post discusses the most common unexpected charges on AWS bills that can significantly increase the overall cost of using AWS services. - The author provides tips on how to avoid these charges, such as using AWS Auto Scaling, Reserved Instances or Savings Plans, and monitoring data transfer.. read more  

Nora Jones, CEO & Founder ofJeli, talks about building Production Readiness Review (PRR) process & how its emphasis on context and psychological safety promotes proactive behavior. Jones presents tangible ways to start building a PRR process that fits your organization's unique context while educat.. read more  

In the midst of a crisis, external communication with customers can easily fall down the list of priorities for a company. However, it is crucial to prioritize communication during these times to build trust and strengthen relationships with customers. Atlassian's recent outage serves as an example.. read more  

The Security Operations team at Grafana Labs has developed apySigmaGrafana Loki backend that can help security teams identify suspicious or malicious activity in log files. They use theSigma project, which is a generic structured format for sharing methods for identifying such activity in log files... read more  

The article discusses the process of improving the monitoring system at Riskified. The team identified pain points and goals, including bottleneck on changes in the monorepo, crashing Prometheus, inability to silence alerts easily, and removing hardcoded secrets in Alertmanager config. They consid.. read more  

This article discusses sharding in Prometheus, a technique used to distribute the load of collecting metrics across multiple instances. The article describes a problem where the number of metrics being scraped was growing non-linearly, causing increased memory and CPU costs. The root cause was iden.. read more