Configure IP rules to enable access to an Azure container registry from selected public IP addresses or address ranges.| learn.microsoft.com
We observed that granting Azure Reader role at subscription or resource group level allows users to pull container images from Azure Container Registry instances, thus potentially reveling confidential or sensitive data to unauthorised parties.| blog.scrt.ch
In this third blog post, we will discuss lateral movement risks from the cloud to Kubernetes. We will explain attacker TTPs, and outline best practices for cloud builders and defenders to help secure their cloud environments and mitigate risk.| wiz.io