This week's articles
Agent Exposes Azure Customers To Unauthorized Code Execution
#attack, #azure
Azure customers on Linux machines - which account for over half of all Azure instances according to Microsoft - are at risk if they use any of the services relying on OMI (Open Management Infrastructure), the UNIX/Linux counterpart of Windows Management Infrastructure (WMI). The RCE is the simplest RCE you can ever imagine: simply remove the auth header and you are root. This Twitter thread is also useful for understanding the impact of this flaw.
Bypassing GCP Org Policy with Custom Metadata
#attack, #gcp
Google makes use of custom metadata to authorize access to AI Notebooks and their web UIs. Individuals granted access via custom metadata need not have any IAM permissions on the compute instance, on the service account running the Notebook or even be a member of the Organization. This kind of authorization bypasses a specific Organization Policy Constraint which restricts cross-domain resource sharing.
NSA & CISA Kubernetes Security Guidance - A Critical Review
#explain, #kubernetes
Last month, NSA and CISA released a report detailing the security hardening they recommend be applied to Kubernetes clusters. The guidance the document contains is generally reasonable, but there are several points which are either incorrect or do not provide sufficient context for administrators to make good security-focused decisions.
AWS Authentication: Principals in AWS IAM
#aws, #explain, #iam
Newcomers to AWS can sometimes get confused by what it means to have AWS credentials. This article aims to explain the basics of AWS authentication, that is, the way you gain an identity that you can use to access AWS services.
AWS federation comes to GitHub Actions
#aws, #ci/cd, #github, #iam
GitHub Actions has a new functionality that can vend OpenID Connect credentials to jobs running on the platform. This is very exciting for AWS account administrators as it means that CI/CD jobs no longer need any long-term secrets to be stored in GitHub.
Threat Detection Maturity Framework
#defend, #monitor, #strategy
How do you measure the success or maturity of a Threat Detection program? What should a Threat Detection team roadmap look like? What is the north star for Threat Detection?
Tools
ttl.sh
An anonymous & ephemeral (and free) Docker image registry.
approver-policy
approver-policy is a cert-manager approver that allows users to define policies that restrict what certificates can be requested.
ClusterSecret
ClusterSecret operator makes sure all the matching namespaces have the secret available. New namespaces, if they match the pattern, will also have the secret. Any change on the ClusterSecret will update all related secrets.
aws-requests-auth
This package allows you to authenticate to AWS using Amazon's Signature Version 4 signing process with the Python requests library.
CloudSecDocs
Technical Leadership
I've spent some time overhauling and reorganising the "Culture & Engineering" section on CloudSecDocs, now with more resources on topics like engineering decisions, personal development, technical leadership, and management.
Sponsor CloudSecList
If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at [email protected]
From the cloud providers
IAM Access Analyzer Update - Policy Validation
Use the CLI (aws accessanalyzer validate-policy) or the API (ValidatePolicy) in IAM Access Analyzer to perform programmatic validation as part of your CI/CD workflows, helping you construct correct & secure IAM policies & SCPs.
New Detectors for Event Threat Detection
Event Threat Detection has launched new detectors in public preview: "Credential Access: Privileged Group Joinability Risk", "Persistence: IAM Anomalous Group Grant", "Credential Access: External Member In Privileged Group".
Unattended project recommender
The unattended project recommender analyzes usage activity on projects in your organization and provides recommendations that help you discover, reclaim or remove unattended projects.
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! If you have questions, comments, or feedback, let me know on Twitter ( @lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco