Release Date: 26/09/2021 | Issue: 106
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.


SOC 2, HIPAA, & ISO 27001 compliance... oh my!
Vanta restores trust in internet businesses by giving startups an easy-to-use platform to improve and prove their security. Over 1500 fast-growing companies rely on Vanta to automate their SOC 2, ISO 27001, or HIPAA compliance in weeks instead of months.
Check Vanta out!

This week's articles

Escalating Azure Privileges with the Log Analytics Contributor Role   #attack, #azure
A (now fixed) privilege escalation that allowed an Azure AD user to escalate from the Log Analytics Contributor role to a full Subscription Contributor role.

CVE-2021-38112: AWS WorkSpaces Remote Code Execution   #attack, #aws
A vulnerability in the AWS WorkSpaces desktop client (CVE-2021-38112), which allows commands to be executed if a victim opens a malicious WorkSpaces URI from their browser.

Revisiting Lambda Persistence   #attack, #aws
For an attacker, serverless environments are a very different target compared with their traditional server-based counterparts. Even gaining remote code execution, which would normally spur a race to escalate privileges, has a very different connotation.

IAM::PassRole Explained   #aws, #explain, #iam
Understanding the iam:PassRole permission is key to not only getting your applications working in AWS, but also doing it securely.

Group-based auth with AppSync Lambda authoriser   #aws, #build, #iam
How to implement group-based authorization with AppSync Lambda authoriser, which makes it easier to integrate with 3rd party identity services when you're building a multi-tenant system.

10 Common Security Issues when Migrating from On Premises to Azure   #azure, #build
This article focuses on the security risks involved in a cloud migration, and provides a compilation of common security anti-patterns and best practices for architects familiar only with traditional on-premises data centers.

Introducing k8s-lab-plz: A modular Kubernetes Lab   #build, #kubernetes
k8s-lab-plz is a modular Kubernetes lab which provides an easy and streamlined way to deploy a test cluster with support for different components.

Enforcing Image Trust on Docker Containers using Notary   #build, #defend, #docker, #kubernetes
Post talking about the importance of supply chain security and how to implement container image trust in Docker and Kubernetes using Notary.

2 widespread attacks on your containerized environment and 7 rules to prevent them   #defend, #kubernetes
How to apply common security principles and what tool to choose to prevent attacks on your Docker containers and Kubernetes clusters.

Distroless Builds Are Now SLSA 2   #build, #defend, #docker
Distroless builds have achieved SLSA 2. SLSA is a security framework for increasing supply chain security, and Level 2 ensures that the build service is tamper resistant.


Sidecar for managing OPA on top of Kubernetes.

GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls.

GitHub Action for authenticating to Google Cloud with GitHub Actions OIDC tokens and Workload Identity Federation.


I've completely overhauled the DevOps section of CloudSecDocs, among other little tweaks in other sections. Go check it out!

Sponsor CloudSecList

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
📨 [email protected] 📨

From the cloud providers

AWS: How to automate incident response to security events with AWS Systems Manager Incident Manager
How to use Incident Manager, a capability of AWS Systems Manager, to build an effective automated incident management and response solution to security events.

AWS: Connect any Kubernetes cluster to Amazon EKS
You can connect any Kubernetes cluster, including Amazon EKS Anywhere clusters running on-premises, self-managed clusters on EC2, and other clusters running outside of AWS.

AWS: Amazon Detective supports S3 and DNS finding types, adds finding details
New Amazon Detective capabilities help security analysts easily investigate unusual activities on their S3 buckets and deep dive on findings related to low-reputation domain names.

AWS: Customizing User Pool Workflows with Lambda Triggers
You can create an AWS Lambda function and then trigger that function during user pool operations such as user sign-up, confirmation, and sign-in (authentication) with a Lambda trigger. You can add authentication challenges, migrate users, and customize verification messages.

GCP: To serve and protect: New storage features help ensure data is never lost
Google added extensions to Cloud Storage and introduced two new services, Filestore Enterprise and Backup for Google Kubernetes Engine (GKE). Together, these new capabilities will make it easier for you to protect your data out of the box, across a wide variety of applications and use cases.

GCP: Network security threat detection - Comparison of analytics methods
Article which compares & contrasts 5 mechanisms for cultivating network signal telemetry for forensics, security analytics, advanced threat detection, and hunting.

GCP: Announcing Backup for GKE: the easiest way to protect GKE workloads
Google announced the Preview for Backup for GKE, a simple, cloud-native way for you to protect, manage, and restore your containerized applications and data. With Backup for GKE, you can more easily meet your service-level objectives, automate common backup and recovery tasks, and show reporting for compliance and audit purposes.

GCP: Introducing Google Cloud Deploy: Managed continuous delivery to GKE
Google announced Google Cloud Deploy, a managed, opinionated continuous delivery service that makes continuous delivery to GKE easier, faster, and more reliable.

Azure: Use portal to create private link for managing Azure resources
Private network access for Azure control plane APIs, now in public preview, allows all calls to Azure APIs to happen inside your private network and never on the public internet.

Azure: Hunting for OMI Vulnerability Exploitation with Azure Sentinel
Some tips about current attacks in the wild, agents and software involved, indicators for defenders to look for on host machines, and new detections in Azure Sentinel.

Azure: Introducing Azure DevOps Audit Stream
How to optimize audit logging within Azure DevOps by enabling the new ADO Audit Stream, currently in public preview.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

© 2019-present, CloudSecList by Marco Lancini.