Release Date: 29/08/2021 | Issue: 102
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

Watch Expel MDR in action
See what it's like to work with Expel MDR to protect your org from security threats. Expel offers 24x7 security monitoring and response for cloud, hybrid and on-premises environments using the security signals customers already own so organizations can get more value from their existing security investments. We report on confirmed problems and provide step-by-step instructions on what to do next. No registration required.
View Demo

This week's articles

Top Open Source Kubernetes Security Tools of 2021   #build, #defend, #kubernetes
The top eight most popular open source Kubernetes security tools identified by a Redhat survey: OPA, KubeLinter, Kube-bench, Kube-hunter, Terrascan, Falco, Clair, and Checkov.

A Security Review of Docker Official Images: Which Do You Trust?   #attack, #defend, #docker
This research demonstrates the importance of keeping track of the images that you use, and not assuming that even official images from Docker Hub will be maintained in perpetuity.

Cloud Security Orienteering   #defend, #strategy
How to orienteer in a cloud environment, dig in to identify the risks that matter, and put together actionable plans that address short, medium, and long term goals. You can also refer to the companion check list.

Hands on with Kubernetes Pod Security Admission   #explain, #kubernetes
Kubernetes v1.22 provides an alpha release for the successor of Pod Security Policy (PSP), called Pod Security Admission (PSA). This post took an initial look at PSA and will cover what you need to know about how it works, and how you can start playing with it.

New Terraform Planning Options   #announcement, #explain, #terraform
Terraform introduced new planning options: "refresh=false", "-refresh-only", and "-replace".

Spoofing Azure AD sign-ins logs by imitating AD FS Hybrid Health Agent   #attack, #azure
How anyone with a local administrator access to AD FS server (or proxy), can create arbitrary sign-ins events to Azure AD sign-ins log.

Using the new Google Cloud Config Controller to provision and manage cloud services via the Kubernetes Resource Model   #build, #gcp, #kubernetes
How to manually configure a GKE cluster, and how to use the new Config Controller to provision and configure services via automation.

Mutating Kubernetes resources with Gatekeeper   #explain, #kubernetes, #opa
Gatekeeper has recently introduced the ability to mutate resources. Mutation means that policy can change Kubernetes resources based on different criteria.

A Deep Dive Into Kubernetes Schema Validation   #build, #kubernetes
How do you ensure the stability of your Kubernetes clusters? How do you know that your manifests are syntactically valid? Are you sure you don't have any invalid data types? Are any mandatory fields missing?

Spice up Your Kubernetes Environment with AWS Lambda   #aws, #build, #kubernetes
How to securely integrate AWS Lambda with an existing Kubernetes environment without codes changes.

Detect Malicious Behaviour on Kubernetes API Server through gathering Audit Logs by using FluentBit   #build, #kubernetes, #monitor
How FluentBit can be useful to gather Kubernetes audit logs and forward them to some HTTP endpoint.


A simple to use web-based Gatekeeper policies manager. You can also refer to the companion blog post.

KubeView displays what is happening inside a Kubernetes cluster (or single namespace), it maps out the API objects and how they are interconnected.

n8n is an extendable workflow automation tool.

From the cloud providers

AWS Icon  Introducing AWS Backup Audit Manager
AWS Backup announces AWS Backup Audit Manager, a new feature that allows you to audit and report on the compliance of your data protection policies to help you meet your business and regulatory needs.

AWS Icon  How to automate forensic disk collection in AWS
A hands-on solution you can use for automated disk collection across multiple AWS accounts. This solution will help your incident response team set up an automation workflow to capture the disk evidence they need to analyze to determine scope and impact of potential security incidents.

AWS Icon  Visualizing AWS Config data using Amazon Athena and Amazon QuickSight
By default, AWS Config stores data in an S3 bucket. Amazon Athena is an interactive query service that makes it easy to analyze data in Amazon S3 using standard SQL. When configuration snapshots and configuration history data are aggregated in Amazon S3, you can use Athena to query the JSON data directly using SQL statements. You can then visualize your Athena SQL views and queries in Amazon QuickSight, which lets you easily create and publish interactive BI dashboards by creating data sets.

AWS Icon  Accreditation Models for Secure Cloud Adoption
This whitepaper provides cloud accreditation best practices to help you capitalize on the security benefits of commercial cloud computing while maximizing efficiency, scalability, and cost reduction.

AWS Icon  IAM Access Analyzer helps you generate IAM policies based on access activity found in your organization trail
IAM Access Analyzer extended policy generation allowing to generate policies based on access activity stored in a designated account.

AWS Icon  Access token security for microservice APIs on Amazon EKS
How to implement service-to-service authorization using OAuth 2.0 access tokens for microservice APIs hosted on Amazon EKS.

GCP Icon  What's the key to a more secure Cloud Function? It's a secret!
The Google Secret Manager native integration with Cloud Functions makes it easier to access secrets for authenticating to upstream APIs and services.

GCP Icon  Shift security left with on-demand vulnerability scanning
Google Cloud recently launched On-Demand Scanning to general availability. This new feature checks for vulnerabilities both in locally stored container images and images stored within GCP registries.

GCP Icon  Artifact Registry: the next generation of Container Registry
Compared with Container Registry, Artifact Registry lets you store non-container artifacts, and provides better security and more flexibility.

GCP Icon  Introducing security configuration for gRPC apps with Traffic Director
gRPC-based services can now be configured via the Traffic Director control plane to use TLS and mutual TLS to establish secure communications.

GCP Icon  Manage data exfiltration risks in Cloud Run with VPC Service Controls
The scalability and ease of use of fully managed compute now comes with enterprise-grade guardrails at the network level.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.