“Cyber Pulse: Leading Insights in Identity, Security, and Tech Evolution"

Welcome to the latest edition of UberEther Insights, your quintessential guide to the ever-evolving landscapes of technology and cybersecurity.

As technology relentlessly forges ahead, creating new opportunities and challenges, it's imperative to stay at the forefront of innovation and security. From exploring the intricacies of authorization models like ReBAC to dissecting complex cybersecurity threats in modern ML platforms, our selection covers a spectrum of topics that are essential for tech professionals today.This edition is designed to arm you with knowledge, spark discussions, and offer perspectives that propel you to think and act ahead of the curve. Whether you're delving into the nuances of AWS CloudShell or understanding the compliance hurdles in the federal sector, each article has been chosen to enhance your understanding and fuel your curiosity.

Join us on this journey of discovery and stay ahead in the dynamic world of technology and cybersecurity with UberEther Insights.

Identity:

1. Breaking Down Complex Authorization Beyond Login with ZITADEL - Time to Read: 6 minutes - As we move towards a zero-trust mindset, the limitation of coarse-grained security measures like the traditional RBAC system become clear. An essential part of the shift to zero trust that often goes undiscussed is the move from coarse-grained to fine-grained security.
2. Discover ReBAC, the next-generation authorization model compatible with DDD - Time to Read: 7 minutes - Thomas Pierrain. (υ?e ca?e drιven) TL;DR: At Agicap, we’ve started using ReBAC to manage user rights and permissions. ReBAC is an entirely new paradigm for authorization management.

Security:??

1. Fuzzing and Bypassing the AWS WAF - Time to Read: 4 The Sysdig Threat Research Team discovered techniques that allowed the AWS WAF to be bypassed using a specialized DOM event.
2. Playing with Fire – How We Executed a Critical Supply Chain Attack on PyTorch - Time to Read: 18 minutes - Security tends to lag behind adoption, and AI/ML is no exception. Four months ago, Adnan Khan and I exploited a critical CI/CD vulnerability in PyTorch, one of the world’s leading ML platforms.

DevOps:

1. Roblox Builds New Cellular Infrastructure to Improve Gaming Experience - Time to Read: 4 minutes - The online game platform and creation system Roblox has detailed how they have made their infrastructure more efficient and resilient, to support the demands of more than 70 million active daily users engaged in immersive gaming experiences.
2. Deep dive into AWS CloudShell - Time to Read: 3 minutes AWS CloudShell got a new capability in January 2024: running Docker containers. This piqued my curiosity because Docker-in-Docker usually implies privileged containers, and I have previously used that to escape CodeBuild onto the parent EC2 instance.

Compliance:?

1. The financial sector’s choice: fast, secure, and highly available real-time data warehousing based on Apache Doris - Time to Read: 8 minutes This is a whole-journey guide for Apache Doris users, especially those from the financial sector which requires a high level of data security and availability.
2. Cloud Security: Federal Authorization Program Usage Increasing, but Challenges Need to Be Fully Addressed - Time to Read: 3 minutes The Office of Management and Budget (OMB) established the Federal Risk and Authorization Management Program (FedRAMP) to provide a standardized approach for authorizing the use of cloud services.

Tools/Projects:?

1. Onboarding Templates: How Should I Design My Program? - Time to Read: 3 minutes Whether it's your first time building a Customer Experience program or you're a seasoned CX pro, it can be a challenge deciding what to focus on when setting up a new CX survey project.

About UberEther?

UberEther is a full-stack technology integrator that builds innovative solutions for our clients and turns their security and access control needs into a value-added enabler that transforms the organization in previously impossible ways.

More than anything, though, we want to be a partner in your success. We want to work with you to meet your larger security goals, turning what many see as an obstacle into an asset.

In Conclusion?

As we conclude this edition of UberEther's Newsletter, we hope the insights and discussions presented have been enlightening and inspiring. The realms of Identity, Security, DevOps, Compliance, and Tools/Projects are not just foundational to the tech industry; they are the driving forces shaping its future. We encourage you to explore these topics further and engage with the content to enhance your professional knowledge and skills. Stay tuned for our next issue, where we will continue to bring you the latest trends, innovations, and thought leadership from the world of technology. Thank you for joining us on this journey of discovery and growth.