Release Date: 26/09/2021 | Issue: 106
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

SOC 2, HIPAA, & ISO 27001 compliance... oh my! πŸ‘
Vanta restores trust in internet businesses by giving startups an easy-to-use platform to improve and prove their security. Over 1500 fast-growing companies rely on Vanta to automate their SOC 2, ISO 27001, or HIPAA compliance in weeks instead of months.
Check Vanta out!

This week's articles


Escalating Azure Privileges with the Log Analytics Contributor Role
A (now fixed) privilege escalation that allowed an Azure AD user to escalate from the Log Analytics Contributor role to a full Subscription Contributor role.   #attack   #azure


CVE-2021-38112: AWS WorkSpaces Remote Code Execution
A vulnerability in the AWS WorkSpaces desktop client (CVE-2021-38112), which allows commands to be executed if a victim opens a malicious WorkSpaces URI from their browser.   #attack   #aws


Revisiting Lambda Persistence
As an attacker, Serverless environments are a very different target when compared with their traditional server-based counterparts. Even gaining remote code execution, which would normally spur a race to escalate privileges, has a very different connotation.   #attack   #aws


IAM::PassRole Explained
Understanding the iam:PassRole permission is key to not only getting your applications working in AWS, but also doing it securely.   #aws   #explain   #iam


Group-based auth with AppSync Lambda authoriser
How to implement group-based authorization with AppSync Lambda authoriser, which makes it easier to integrate with 3rd party identity services when you're building a multi-tenant system.   #aws   #build   #iam


10 Common Security Issues when Migrating from On Premises to Azure
This article is focused on the security risks involved in a cloud migration, and provides a compilation of common security anti-patterns and best practices for architects only familiar with traditional on-premise data centers to follow.   #azure   #build


Introducing k8s-lab-plz: A modular Kubernetes Lab
k8s-lab-plz is a modular Kubernetes lab which provides an easy and streamlined way to deploy a test cluster with support for different components.   #build   #kubernetes


Enforcing Image Trust on Docker Containers using Notary
Post talking about the importance of supply chain security and how to implement container image trust in Docker and Kubernetes using Notary.   #build   #defend   #docker   #kubernetes


2 widespread attacks on your containerized environment and 7 rules to prevent them
How to apply common security principles and what tool to choose to prevent attacks on your Docker containers and Kubernetes clusters.   #defend   #kubernetes


Distroless Builds Are Now SLSA 2
Distroless builds have achieved SLSA 2. SLSA is a security framework for increasing supply chain security, and Level 2 ensures that the build service is tamper resistant.   #build   #defend   #docker

Sponsor CloudSecList

If you want to get yourΒ productΒ or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
πŸ“¨ [email protected] πŸ“¨

Tools


kube-mgmt
Sidecar for managing OPA on top of Kubernetes.


gitoops
GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls.


google-github-actions/auth
GitHub Action for authenticating to Google Cloud with GitHub Actions OIDC tokens and Workload Identity Federation.

CloudSecDocs


DevOps
I've completely overhauled the DevOps section of CloudSecDocs, among other little tweaks in other sections. Go check it out!

From the cloud providers


#AWS   How to automate incident response to security events with AWS Systems Manager Incident Manager
How to use Incident Manager, a capability of AWS Systems Manager, to build an effective automated incident management and response solution to security events.


#AWS   Connect any Kubernetes cluster to Amazon EKS
You can connect any Kubernetes cluster, including Amazon EKS Anywhere clusters running on-premises, self-managed clusters on EC2, and other clusters running outside of AWS.


#AWS   Amazon Detective supports S3 and DNS finding types, adds finding details
New Amazon Detective capabilities help security analysts easily investigate unusual activities on their S3 buckets and deep dive on findings related to low-reputation domain names.


#AWS   Customizing User Pool Workflows with Lambda Triggers
You can create an AWS Lambda function and then trigger that function during user pool operations such as user sign-up, confirmation, and sign-in (authentication) with a Lambda trigger. You can add authentication challenges, migrate users, and customize verification messages.


#GCP   To serve and protect: New storage features help ensure data is never lost
Google added extensions to Cloud Storage, and introducing two new services, Filestore Enterprise, and Backup for Google Kubernetes Engine (GKE). Together, these new capabilities will make it easier for you to protect your data out-of-the box, across a wide variety of applications and use cases.


#GCP   Network security threat detection - Comparison of analytics methods
Article which compares & contrasts 5 mechanisms for cultivating network signal telemetry for forensics, security analytics, advanced threat detection, and hunting.


#GCP   Announcing Backup for GKE: the easiest way to protect GKE workloads
Google announced the Preview for Backup for GKE, a simple, cloud-native way for you to protect, manage, and restore your containerized applications and data. With Backup for GKE, you can more easily meet your service-level objectives, automate common backup and recovery tasks, and show reporting for compliance and audit purposes.


#GCP   Introducing Google Cloud Deploy: Managed continuous delivery to GKE
Google announced Google Cloud Deploy, a managed, opinionated continuous delivery service that makes continuous delivery to GKE easier, faster, and more reliable.


#AZURE   Use portal to create private link for managing Azure resources
Private network access for Azure control plane APIs, now in public preview, allows for all calls to Azure APIs happen inside your private network and never on the public internet.


#AZURE   Hunting for OMI Vulnerability Exploitation with Azure Sentinel
Some tips about current attacks in the wild, agents and software involved, indicators for defenders to look for on host machines, and new detections in Azure Sentinel.


#AZURE   Introducing Azure DevOps Audit Stream
How to optimize Audit Logging within Azure DevOps, by enabling the new, currently in public preview, ADO Audit Stream.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! πŸ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
Β© 2019-present CloudSecList Β· Marco Lancini