Release Date: 22/08/2021 | Issue: 101
The Cloud Security Reading List is a low volume newsletter (delivered once per week) that highlights security-related news focused on the cloud native landscape, hand curated by Marco Lancini.
Sponsor

📫 Securing your email 📫
Successful phishing attacks are making way for an increase in business email compromise. Simply turning on multi-factor authentication (MFA) is no longer enough to halt crafty attackers, as bad actors continually find ways to bypass MFA, and are even creating fake Okta pages to steal user credentials. To prevent these attacks, you need a detection and response strategy for the email attack lifecycle. Let us show you how.
View the on-demand webcast

This week's articles


Inside Figma: securing internal web apps
#aws, #build, #defend
A deep-dive into how Figma built a system for securing internal web applications that lets them require SSO authentication, enforce fine-grained authorization (via Okta groups), and support CLI tools, all using ALBs, AWS Cognito, and Okta.


Threat Hunting with Kubernetes Audit Logs - Part 2
#kubernetes, #monitor
Part 2 of the "Threat Hunting with Kubernetes Audit Logs" series, which explains how to use the MITRE ATT&CK framework to hunt for attackers in your Kubernetes audit logs.


An Introduction to AWS Firewall Manager
#aws, #defend
What is AWS Firewall Manager and how can it help you secure your organization?


KONTRA's AWS Top 10
#attack, #aws, #defend, #explain
A series of free interactive security training modules that teach developers how to identify and mitigate security vulnerabilities in their AWS-hosted cloud applications.


AWS Condition Context Keys for Reducing Risk
#aws, #explain, #iam
Post taking a closer look at the "aws:CalledVia*" and "aws:ViaAWSService" keys, and how you can use them to achieve least privilege.


Visual Explanation of SCP Inheritance for AWS Organizations
#aws, #explain, #iam
A walkthrough with a graphical explanation of how SCPs function, plus an approach for following AWS's design to apply least privilege in an incremental way.


The Unofficial GKE Security Guide
#gcp, #gke, #kubernetes
A guide that aims to help you prioritize and implement a security posture that meets your organization's needs while taking advantage of all the benefits of GKE.


Leaving Bastion Hosts Behind
#defend, #design, #gcp
Post examining GCP services like OS Login and Identity-Aware Proxy (IAP), and showing how they can be used as an alternative to bastion hosts.


Encrypted Secrets in Helm Charts
#build, #kubernetes
How to add and use encrypted secrets in custom Helm charts.


Using The Update Framework in Sigstore
#build, #docker, #kubernetes
A technical update on how Sigstore is integrating The Update Framework into the Sigstore projects and infrastructure.

Tools


kubescape
Test if your Kubernetes cluster is deployed securely as defined in NSA's Kubernetes Hardening Guidance.


havener
Think of it as a Swiss Army knife for Kubernetes tasks.


Cloud-Katana
Cloud Katana is a cloud native tool developed from the need to automate the execution of simulation steps in multi-cloud and hybrid cloud environments.


GCP API key rotation checker
This script will crawl your entire GCP Organization and inform you of any API keys older than 90 days that need to be rotated.

From the cloud providers


AWS | Build an end-to-end attribute-based access control strategy with AWS SSO and Okta
Post discussing the benefits of using an attribute-based access control (ABAC) strategy and describing how to use ABAC with AWS Single Sign-On (AWS SSO) when you're using Okta as an identity provider (IdP).


AWS | Preventing Free Trial Abuse with AWS Managed Services
Post outlining common free trial abuse attack vectors and presenting prevention techniques. It also shows how to incorporate Amazon Fraud Detector into your architecture to catch free trial abuse faster and more frequently.


AWS | Amazon EC2 customers can now use ED25519 keys for authentication during instance connectivity operations
AWS customers can use ED25519 keys to prove their identity when connecting to EC2 instances. ED25519 is an elliptic curve based public-key system commonly used for SSH authentication.


AWS | Introducing public builds for AWS CodeBuild
Using AWS CodeBuild, you can now share both the logs and the artifacts produced by CodeBuild projects. This blog post explains how to configure an existing CodeBuild project to enable public builds.


AWS | AWS Systems Manager Change Manager now supports AWS IAM roles as approvers
Change Manager, a capability of AWS Systems Manager, now allows you to specify AWS Identity and Access Management (IAM) roles as approvers for change requests and change templates.


GCP | How to conduct live network forensics in GCP
Collect and preserve vital evidence for the digital forensic process while the incident response team resolves an incident.


GCP | Troubleshoot GKE faster with monitoring data in your logs
View contextual Monitoring data in your GKE log lines, and easily see the relevant pod, node, and cluster events and metrics for your pod.


GCP | Foundational best practices for securing your cloud deployment
Post highlighting several best practices for security practitioners and platform teams to use when setting up, configuring, deploying, and operating a security-centric infrastructure for their organization.


GCP | Saving the day: How Cloud SQL makes data protection easy
Backup, high availability, and replication all play key roles in making your applications fault-tolerant.


GCP | The Financial Services Industry Sees Increasing Public Cloud Adoption as Driving Innovation and Compliance
The financial industry is looking at the cloud as a key technology that can improve performance across a broad range of activities.


Azure | Azure DDoS Protection - 2021 Q1 and Q2 DDoS attack trends
In this review, the Azure DDoS Protection team shares trends and insights into DDoS attacks they observed and mitigated throughout the first half of 2021.


Azure | Azure Government Top Secret now generally available for US national security missions
Microsoft announced the general availability of Azure Government Top Secret, committing to bring commercial innovation to government customers across all data classifications.


Azure | Azure Sentinel new onboarding/offboarding API
Microsoft introduced a new API endpoint which allows you to manage Azure Sentinel instances on a workspace seamlessly through the API. The endpoint provides a single source of truth for performing the different operations required for a complete creation/deletion (aka onboarding/offboarding) of Azure Sentinel on a workspace.

Thanks for reading!

If you found this newsletter useful and interesting, and know other people who would too, I'd really appreciate it if you'd forward it to them 🙏

If you have questions, comments, or feedback, just reply to this email or let me know on Twitter @lancinimarco!

Thanks,
Marco
© 2019-present The Cloud Security Reading List by SecurityBite LTD.