Release Date: 22/08/2021 | Issue: 101
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

📫 Securing your email 📫
Successful phishing attacks are paving the way for an increase in business email compromise. Simply turning on multi-factor authentication (MFA) is no longer enough to halt crafty attackers, as bad actors continually find ways to bypass MFA, and are even creating fake Okta pages to steal user credentials. To prevent these attacks, you need a detection and response strategy for the email attack lifecycle. Let us show you how.
View the on-demand webcast

This week's articles


Inside Figma: securing internal web apps
A deep-dive into how Figma built a system for securing internal web applications that lets them require SSO authentication, enforce fine-grained authorization (via Okta groups), and support CLI tools, all using ALBs, AWS Cognito, and Okta.   #aws   #build   #defend


Threat Hunting with Kubernetes Audit Logs - Part 2
Part 2 of the "Threat Hunting with Kubernetes Audit Logs" series, which explains how to use the MITRE ATT&CK framework to hunt for attackers in your Kubernetes audit logs.   #kubernetes   #monitor
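As an added example (not code from the post above), the script below shows what such a hunt looks like in practice: a handful of ATT&CK-mapped rules run over Kubernetes audit events. The event lines, the baseline of identities allowed to read secrets, and the source addresses are all constructed for the example, not taken from a real cluster.

```python
import json
from collections import Counter

# Constructed audit events in the audit.k8s.io/v1 shape, trimmed to the fields
# the rules below inspect. Illustrative only, not data from a real cluster.
SAMPLE_AUDIT_LOG = r"""
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"get","user":{"username":"system:serviceaccount:kube-system:coredns"},"objectRef":{"resource":"endpoints","namespace":"kube-system","name":"kube-dns"},"responseStatus":{"code":200},"sourceIPs":["10.0.0.5"]}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"RequestReceived","verb":"create","user":{"username":"dev-alice"},"objectRef":{"resource":"pods","namespace":"prod","name":"api-7d9f","subresource":"exec"},"sourceIPs":["203.0.113.7"]}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"create","user":{"username":"dev-alice"},"objectRef":{"resource":"pods","namespace":"prod","name":"api-7d9f","subresource":"exec"},"responseStatus":{"code":101},"sourceIPs":["203.0.113.7"]}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list","user":{"username":"system:serviceaccount:prod:ci-runner"},"objectRef":{"resource":"secrets"},"responseStatus":{"code":200},"sourceIPs":["10.0.3.9"]}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"create","user":{"username":"dev-bob"},"objectRef":{"resource":"pods","namespace":"default","name":"debug"},"requestObject":{"spec":{"containers":[{"name":"sh","image":"busybox","securityContext":{"privileged":true}}],"volumes":[{"name":"root","hostPath":{"path":"/"}}]}},"responseStatus":{"code":201},"sourceIPs":["198.51.100.2"]}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list","user":{"username":"system:anonymous"},"objectRef":{"resource":"pods","namespace":"kube-system"},"responseStatus":{"code":403},"sourceIPs":["192.0.2.44"]}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","stage":"ResponseComplete","verb":"list","user":{"username":"system:anonymous"},"objectRef":{"resource":"pods","namespace":"default"},"responseStatus":{"code":200},"sourceIPs":["192.0.2.44"]}
"""

# Constructed baseline: identities that legitimately read secrets in this cluster.
KNOWN_SECRET_READERS = {
    "system:kube-controller-manager",
    "system:serviceaccount:kube-system:generic-garbage-collector",
}

def rule_exec_into_pod(ev):
    """kubectl exec/attach shows up as a create on the pod's exec/attach subresource."""
    ref = ev.get("objectRef", {})
    if ev.get("verb") == "create" and ref.get("resource") == "pods" \
            and ref.get("subresource") in ("exec", "attach"):
        return "T1609 Container Administration Command"
    return None

def rule_secrets_enumeration(ev):
    """Secrets read through the API by anything outside the baseline; an objectRef
    with no namespace is a cluster-wide list and deserves a closer look."""
    ref = ev.get("objectRef", {})
    if ev.get("verb") in ("get", "list", "watch") and ref.get("resource") == "secrets" \
            and ev["user"]["username"] not in KNOWN_SECRET_READERS:
        scope = ref.get("namespace") or "cluster-wide"
        return f"T1552.007 Unsecured Credentials: Container API ({scope})"
    return None

def rule_privileged_or_hostpath_pod(ev):
    """Pod specs that hand a container the host kernel or filesystem. Requires the
    audit policy to log pods at level Request or RequestResponse; otherwise
    requestObject is absent and this rule never fires."""
    if ev.get("verb") != "create" or ev.get("objectRef", {}).get("resource") != "pods":
        return None
    spec = ev.get("requestObject", {}).get("spec", {})
    privileged = any(c.get("securityContext", {}).get("privileged") for c in spec.get("containers", []))
    host_path = any("hostPath" in v for v in spec.get("volumes", []))
    if privileged or host_path:
        return f"T1611 Escape to Host (privileged={privileged}, hostPath={host_path})"
    return None

def rule_anonymous_success(ev):
    """An unauthenticated request that the API server actually served (not a 401/403)."""
    if ev.get("user", {}).get("username") == "system:anonymous" \
            and ev.get("responseStatus", {}).get("code", 0) < 400:
        return "Anonymous API access succeeded (no ATT&CK ID asserted here)"
    return None

RULES = (rule_exec_into_pod, rule_secrets_enumeration,
         rule_privileged_or_hostpath_pod, rule_anonymous_success)

def hunt(log_text):
    """Run every rule over each ResponseComplete event; return one finding per hit."""
    findings = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ev = json.loads(line)
        # RequestReceived and ResponseComplete are two events for the same request;
        # only the latter carries the response code, so hunt on that stage alone.
        if ev.get("stage") != "ResponseComplete":
            continue
        for rule in RULES:
            technique = rule(ev)
            if technique:
                ref = ev.get("objectRef", {})
                findings.append({
                    "technique": technique,
                    "user": ev["user"]["username"],
                    "verb": ev["verb"],
                    "resource": ref.get("resource"),
                    "namespace": ref.get("namespace"),
                    "name": ref.get("name"),
                    "source_ip": (ev.get("sourceIPs") or [None])[0],
                })
    return findings

def summarize(findings):
    """Count findings per technique label, for a quick triage view."""
    return Counter(f["technique"] for f in findings)

if __name__ == "__main__":
    for f in hunt(SAMPLE_AUDIT_LOG):
        print(f"{f['technique']:<62} {f['user']} {f['verb']} {f['resource']} from {f['source_ip']}")
```

Run against the constructed log, this yields four leads (the exec from a public address, the cluster-wide secrets list by a CI service account, the privileged hostPath pod, and the anonymous list that was not rejected) and stays quiet on the CoreDNS lookup and the denied anonymous request. In a real hunt the baseline set and the rule thresholds are the part you tune per cluster.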


An Introduction to AWS Firewall Manager
What is AWS Firewall Manager and how can it help you secure your organization?   #aws   #defend


KONTRA's AWS Top 10
A series of free interactive security training modules that teach developers how to identify and mitigate security vulnerabilities in their AWS-hosted cloud applications.   #attack   #aws   #defend   #explain


AWS Condition Context Keys for Reducing Risk
Post taking a closer look at the "aws:CalledVia*" and "aws:ViaAWSService" keys, and how you can use them to achieve least privilege.   #aws   #explain   #iam


Visual Explanation of SCP Inheritance for AWS Organizations
A graphical walk-through of how SCPs function, plus an approach that follows AWS's intended design: applying least privilege in progressively tighter layers as you move down the organization tree.   #aws   #explain   #iam
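The two items above, the aws:CalledVia / aws:ViaAWSService condition keys and SCP inheritance, are both questions of how a request is evaluated against a set of policies, so one added example can serve both. The simulator below is not code from either post or from AWS; it models a deliberately small subset of IAM (Effect, Action wildcards, three condition operators, SCP evaluation along the OU path) and ignores resource policies, permission boundaries, session policies and NotAction. The identity policies, the organization tree and the request contexts are constructed for illustration.

```python
import fnmatch

# --- Minimal policy evaluation (teaching model, not the real IAM engine) -------

def _action_matches(patterns, action):
    """IAM action names are case-insensitive and may contain * wildcards."""
    if isinstance(patterns, str):
        patterns = [patterns]
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def _condition_holds(condition, ctx):
    """Every operator/key pair must hold. A key missing from the request context
    makes the condition false, as IAM does without ...IfExists or Null."""
    for operator, pairs in condition.items():
        for key, wanted in pairs.items():
            have = ctx.get(key)
            if operator == "Bool":
                if have is None or str(have).lower() != str(wanted).lower():
                    return False
            elif operator == "StringEquals":
                if have is None or str(have) != str(wanted):
                    return False
            elif operator == "ForAnyValue:StringEquals":   # multi-valued keys such as aws:CalledVia
                wanted = wanted if isinstance(wanted, list) else [wanted]
                if not set(have or []) & set(wanted):
                    return False
            else:
                raise ValueError(f"operator not modelled: {operator}")
    return True

def evaluate(statements, action, ctx):
    """Explicit Deny wins; otherwise Allow if any statement allows; else None (implicit deny)."""
    allowed = False
    for s in statements:
        if not _action_matches(s.get("Action", []), action):
            continue
        if not _condition_holds(s.get("Condition", {}), ctx):
            continue
        if s["Effect"] == "Deny":
            return "Deny"
        allowed = True
    return "Allow" if allowed else None

# --- aws:CalledVia and aws:ViaAWSService ---------------------------------------
# Constructed identity policy: the principal may drive CloudFormation directly,
# and the S3/SQS calls CloudFormation makes with the principal's credentials pass
# only because aws:CalledVia names that service. A direct S3 or SQS call carries
# no aws:CalledVia key. The last statement uses aws:ViaAWSService to turn a
# direct s3:DeleteBucket into an explicit deny that no other attached allow can
# override.
VIA_CFN_POLICY = [
    {"Effect": "Allow", "Action": "cloudformation:*"},
    {"Effect": "Allow", "Action": ["s3:*", "sqs:*"],
     "Condition": {"ForAnyValue:StringEquals": {"aws:CalledVia": ["cloudformation.amazonaws.com"]}}},
    {"Effect": "Deny", "Action": "s3:DeleteBucket",
     "Condition": {"Bool": {"aws:ViaAWSService": "false"}}},
]
S3_ADMIN_POLICY = [{"Effect": "Allow", "Action": "s3:*"}]   # a second, broader policy on the same principal

# Constructed request contexts: aws:ViaAWSService is always present, while
# aws:CalledVia exists only when a service calls on the principal's behalf.
DIRECT_CALL = {"aws:ViaAWSService": "false"}
CALL_VIA_CFN = {"aws:ViaAWSService": "true", "aws:CalledVia": ["cloudformation.amazonaws.com"]}

def identity_decision(policies, action, ctx):
    """All identity policies attached to a principal are evaluated as one set."""
    return evaluate([s for p in policies for s in p], action, ctx) or "Deny"

# --- SCP inheritance -----------------------------------------------------------
# Constructed organization. AWS attaches FullAWSAccess everywhere by default; here
# the Prod OU replaces it with an allow-list and the root adds a guardrail deny.
FULL_AWS_ACCESS = [{"Effect": "Allow", "Action": "*"}]
ORG = {
    "r-root":         {"parent": None,         "scps": [FULL_AWS_ACCESS,
                                                        [{"Effect": "Deny", "Action": "organizations:LeaveOrganization"}]]},
    "ou-prod":        {"parent": "r-root",     "scps": [[{"Effect": "Allow",
                                                          "Action": ["ec2:*", "s3:*", "sts:*", "cloudformation:*"]}]]},
    "ou-sandbox":     {"parent": "r-root",     "scps": [FULL_AWS_ACCESS]},
    "acct-prod-1":    {"parent": "ou-prod",    "scps": [FULL_AWS_ACCESS]},
    "acct-sandbox-1": {"parent": "ou-sandbox", "scps": [FULL_AWS_ACCESS]},
}

def scp_allows(org, account, action):
    """Walk from the account up to the root. At every level the action must be
    allowed by some SCP attached there and denied by none; an allow-list on a
    higher OU therefore caps everything beneath it, and SCPs never grant."""
    node = account
    while node is not None:
        stmts = [s for scp in org[node]["scps"] for s in scp]
        if evaluate(stmts, action, {}) != "Allow":
            return False
        node = org[node]["parent"]
    return True

def effective_decision(org, account, policies, action, ctx):
    """SCP allow at every level AND an identity-policy allow (nothing else modelled)."""
    if not scp_allows(org, account, action):
        return "Deny"
    return identity_decision(policies, action, ctx)

if __name__ == "__main__":
    both = [VIA_CFN_POLICY, S3_ADMIN_POLICY]
    print(identity_decision([VIA_CFN_POLICY], "s3:PutObject", DIRECT_CALL))    # Deny (no aws:CalledVia)
    print(identity_decision([VIA_CFN_POLICY], "s3:PutObject", CALL_VIA_CFN))   # Allow
    print(identity_decision(both, "s3:DeleteBucket", DIRECT_CALL))             # Deny, despite s3:*
    print(effective_decision(ORG, "acct-prod-1", both, "sqs:SendMessage", CALL_VIA_CFN))  # Deny: Prod OU SCP
```

Two things the model makes visible: with only the CalledVia policy attached, a direct s3:PutObject fails because the key is absent from the request, and a second broad s3:* policy changes that for PutObject but not for DeleteBucket, because the ViaAWSService-conditioned Deny is explicit. On the SCP side, the Prod account's own FullAWSAccess cannot rescue sqs:SendMessage, since the Prod OU's allow-list sits between it and the root.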


The Unofficial GKE Security Guide
Guide which aims to help prioritize and implement a security posture that meets your organization's needs while taking advantage of all the benefits of GKE.   #gcp   #gke   #kubernetes


Leaving Bastion Hosts Behind
Post examining GCP services like OS Login and Identity-Aware Proxy (IAP), and showing how they can be used as an alternative to bastion hosts.   #defend   #design   #gcp


Encrypted Secrets in Helm Charts
How to add and use encrypted secrets in custom Helm charts.   #build   #kubernetes


Using The Update Framework in Sigstore
A technical update on how Sigstore is integrating The Update Framework into the Sigstore projects and infrastructure.   #build   #docker   #kubernetes

Tools


kubescape
Test if your Kubernetes cluster is deployed securely as defined in NSA's Kubernetes Hardening Guidance.


havener
Think of it as a swiss army knife for Kubernetes tasks.


Cloud-Katana
Cloud Katana is a cloud native tool developed from the need to automate the execution of simulation steps in multi-cloud and hybrid cloud environments.


GCP API key rotation checker
This script will crawl your entire GCP Organization and inform you of any API keys older than 90 days that need to be rotated.

From the cloud providers


#AWS   Build an end-to-end attribute-based access control strategy with AWS SSO and Okta
Post discussing the benefits of using an attribute-based access control (ABAC) strategy and describing how to use ABAC with AWS Single Sign-On (AWS SSO) when you're using Okta as an identity provider (IdP).


#AWS   Preventing Free Trial Abuse with AWS Managed Services
Post outlining common free trial abuse attack vectors and presenting prevention techniques. It also shows how to incorporate Amazon Fraud Detector into your architecture to catch free trial abuse faster and more frequently.


#AWS   Amazon EC2 customers can now use ED25519 keys for authentication during instance connectivity operations
AWS customers can use ED25519 keys to prove their identity when connecting to EC2 instances. ED25519 is an elliptic-curve public-key system commonly used for SSH authentication.


#AWS   Introducing public builds for AWS CodeBuild
Using AWS CodeBuild, you can now share both the logs and the artifacts produced by CodeBuild projects. This blog post explains how to configure an existing CodeBuild project to enable public builds.


#AWS   AWS Systems Manager Change Manager now supports AWS IAM roles as approvers
Change Manager, a capability of AWS Systems Manager, now allows you to specify AWS Identity and Access Management (IAM) roles as approvers for change requests and change templates.


#GCP   How to conduct live network forensics in GCP
Collect and preserve vital evidence for the digital forensic process while the incident response team resolves an incident.


#GCP   Troubleshoot GKE faster with monitoring data in your logs
View contextual Monitoring data in your GKE log lines. Easily see the relevant pod, node and cluster events and metrics for your pod.


#GCP   Foundational best practices for securing your cloud deployment
Post highlighting several best practices for security practitioners and platform teams to use with setting-up, configuring, deploying, and operating a security-centric infrastructure for their organization.


#GCP   Saving the day: How Cloud SQL makes data protection easy
Backup, high availability, and replication all play key roles in making your applications fault-tolerant.


#GCP   The Financial Services Industry Sees Increasing Public Cloud Adoption as Driving Innovation and Compliance
The financial industry is looking at the cloud as a key technology that can improve performance across a broad range of activities.


#AZURE   Azure DDoS Protection - 2021 Q1 and Q2 DDoS attack trends
In this review, the Azure DDoS Protection team shares trends and insights into DDoS attacks they observed and mitigated throughout the first half of 2021.


#AZURE   Azure Government Top Secret now generally available for US national security missions
Microsoft announced the general availability of Azure Government Top Secret, committing to bring commercial innovation to government customers across all data classifications.


#AZURE   Azure Sentinel new onboarding/offboarding API
Microsoft introduced a new API endpoint which allows you to manage Azure Sentinel instances seamlessly on a workspace through the API. The endpoint provides a single source of truth for performing the different operations required for a complete creation/deletion (aka onboarding/offboarding) of Azure Sentinel on a workspace.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini