Devin Ferguson
@devbfergy.bsky.social
Security Engineer, thoughts here are my own and don’t represent any current, past, or future employer.
Reposted by Devin Ferguson
It would mean so much to me to have a turnout of the #cloudSecurity community to my talk at the @cloudvillage-dc.bsky.social
Tuesday | 11:00am

rsa2025.cloud-village.org#day-2

It’s not just as a belt n suspenders talk but a ‘why do we only suspenders’ talk.

It’ll be a little subversive 🖤
April 25, 2025 at 5:14 PM
Reposted by Devin Ferguson
AWS provides a comprehensive multi-account strategy for Fault Injection Service (FIS) that enables organizations to systematically validate workload resilience across different accounts using centralized management, role-based access controls, and controlled chaos engineering experiments.
Scaling AWS Fault Injection Service across your organization and accounts
aws-news.com
April 12, 2025 at 1:24 AM
Reposted by Devin Ferguson
Amazon EKS now supports Bottlerocket FIPS AMIs in managed node groups, offering enhanced security and compliance for containerized workloads in regulated industries.
Amazon EKS Adds Support for Bottlerocket FIPS AMIs in Managed Node Groups
aws-news.com
April 4, 2025 at 7:57 PM
Reposted by Devin Ferguson
Oracle has finally acknowledged to some customers that attackers have stolen old client credentials after breaching a "legacy environment" last used in 2017.
Oracle reportedly confirms Oracle Cloud breach to customers
www.bleepingcomputer.com
April 3, 2025 at 3:27 PM
Reposted by Devin Ferguson
This is absurdly great, but I haven't read a single news article about it. A fully open source, offline-first alternative to Notion that's a collab between the French and German governments because they want to host docs securely and on their own terms. THIS is what Europe should be doing.
Docs
Docs: Your new companion to collaborate on documents efficiently, intuitively, and securely.
docs.numerique.gouv.fr
March 16, 2025 at 11:03 PM
Reposted by Devin Ferguson
Kudos to whoever at Semgrep or GitHub started removing the compromised action (tj-actions), 'cause folks are now starting to get 404s.
Saving the businesses who won't respond until Monday:
semgrep.dev/blog/2025/po...
Semgrep | 🚨 Popular GitHub Action tj-actions/changed-files is compromised
Popular GitHub Action tj-actions/changed-files has been compromised with a payload that appears to attempt to dump secrets, impacting thousands of CI pipelines.
semgrep.dev
March 15, 2025 at 3:05 PM
Reposted by Devin Ferguson
Common reasoning is that SMS 2FA is bad due to the risk of SIM swapping. It’s also bad if the telecommunications networks are hostile 😬
www.forbes.com/sites/zakdof...
FBI Warns iPhone And Android Users—Stop Sending Texts
US officials urge citizens to use encrypted messaging and calls wherever they can—here’s what you need to know.
www.forbes.com
December 5, 2024 at 2:43 PM