Release Date: 12/09/2021 | Issue: 104
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

Looking at phishing emails can be tedious and now with phishing attempts and business email compromise (BEC) on the rise it’s become essential. Expel can help by detecting threats across the email attack lifecycle. Ready to give it a try?
Two week free trial

This week's articles

Inside Figma: getting out of the (secure) shell   #aws, #defend
Tips from the Figma security team to help other teams secure Systems Manager and protect their most sensitive data.

Coordinated disclosure of vulnerability in Azure Container Instances Service   #attack, #azure
Microsoft recently mitigated a vulnerability reported by a security researcher in the Azure Container Instances (ACI) that could potentially allow a user to access other customers information in the ACI service. Microsoft's investigation surfaced no unauthorized access to customer data. You can also check the original post disclosing the vulnerability and another that explains What to do? to address it.

Automate Your Security in GCP with Serverless Computing   #defend, #gcp
Talk exploring serverless open source tools and other cloud-native options that allow you to automate your cloud security without the need for human interaction.

A Kubernetes engineer's guide to mTLS   #build, #kubernetes
mTLS is a hot topic in the Kubernetes world, especially for anyone tasked with getting "encryption in transit" for their applications. But what is mTLS, what kind of security does it provide, and why would you want it? This guide walks through exactly what mTLS is, how it relates to ordinary TLS, and why it's relevant to Kubernetes.

Kubernetes Instance Calculator   #build, #kubernetes
Visualize Kubernetes cost calculations in an interactive way.

Azure-Pentest   #attack, #azure
A collection of resources and notes useful for pentest and red team engagements against Azure.

Elastic on Elastic: Deep dive into our SIEM architecture   #elastic, #monitor
A a deep dive into Elastic Infosec team's architecture, the many sources of data collected for security uses, how and why cross-cluster search is used, and how to configure Elastic Security and machine learning to work with cross-cluster search.

Automate Consul Agent Security with Auto-Config   #build, #hashicorp
Auto-Config is a highly scalable method to distribute secure properties and other configuration settings to all Consul agents in a datacenter.

Managing Kubernetes seccomp profiles with security profiles operator   #explain, #kubernetes
Post covering the features of the security profile operator and how to use it.

Automation Assistants: Gitops Tools In Comparison   #build, #kubernetes
If you want to switch from classic CI/CD environments to GitOps, then you can choose from any of a large number of available tools. However, it is not always easy to tell which features they support and how suitable they are for your project at first glance. This article provides help in making a decision.

Learn how to manage apps across private Kubernetes clusters   #build, #kubernetes
How to apply GitOps on multiple private Kubernetes cluster with a single Argo CD installation.


go-discover is a Go (golang) library and command line tool to discover ip addresses of nodes in cloud environments based on meta information like tags provided by the environment.

AWS Security Hub Automated Response and Remediation
An add-on solution that works with AWS Security Hub to provide a ready-to-deploy architecture and a library of automated playbooks.

A tool for building container images within your Kubernetes cluster.

A tool for creating multi-node Kubernetes clusters on a Linux machine using kubeadm & systemd-nspawn.


Building an AWS Perimeter
Just added a page to CloudSecDocs providing a summary of the "Building an AWS Perimeter Whitepaper" released in July 2021.

Sponsor CloudSecList

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
πŸ“¨ [email protected] πŸ“¨

From the cloud providers

AWS Icon  Visualize AWS Security Hub Findings using Analytics and Business Intelligence Tools
Two architecture design options, which collect Security Hub findings across Regions. You can make these findings searchable, and build multiple visualization dashboards using analytics and BI Tools in order to gain insights.

AWS Icon  Top 10 security best practices for securing data in Amazon S3
Post reviewing the latest S3 features and AWS services that you can use to help secure your data in S3, including organization-wide preventative controls such as SCPs.

AWS Icon  How to improve visibility into AWS WAF with anomaly detection
How to automatically detect anomalies in the AWS WAF metrics to improve your visibility into AWS WAF activity, identify malicious activity, and simplify your investigations.

AWS Icon  Ensure Workload Resiliency and Comply with Data Residency Requirements with AWS Outposts
How to set up a modified multi-Region DR strategy that uses one Region and AWS Outposts to ensure the resiliency of your workload and address data residency requirements.

GCP Icon  What is Network Intelligence Center?
Currently Network Intelligence Center has four modules: Network Topology, Connectivity Tests, Performance Dashboard, and Firewall Insights.

GCP Icon  GCP CA Service: A practical demo on how to get started!
Post going over GCP's new CA Service in a practical way by using infrastructure as code to deploy a demo.

GCP Icon  Using GCP Cloud Asset Inventory Export to keep track of your GCP resources over time
Google Cloud Asset Inventory is a service that allows you to view, monitor, and analyse your GCP assets, giving you the option to export a snapshot of your entire inventory at any point of time.

Azure Icon  Best practices for cluster isolation in Azure Kubernetes Service
Learn the cluster operator best practices for isolation in Azure Kubernetes Service (AKS).

Azure Icon  Check the health of your exported Azure Sentinel logs in your ADX cluster
The ADX Health Playbook compares the number of logs in your Azure Sentinel tables and ADX tables periodically and sends you a warning via email if it detects a difference in the number of logs that may require your attention.

Azure Icon  Introducing: Azure Sentinel Data Exploration Toolset (ASDET)
ASDET provides a security analyst a complete set of tools to explore any security log dataset programmatically instead of manually.

Azure Icon  Alert enrichment: how to reduce incident triage and investigation times using dynamic alert details
Post exploring the new "Alert enrichment" in Azure Sentinel Analytics and giving a deep dive into the "Alert details" dynamic content ability.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! πŸ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
Β© 2019-present, CloudSecList by Marco Lancini.