Release Date: 31/10/2021 | Issue: 111
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

Modern cloud apps are built using CI/CD and run as containerized microservices. The Sysdig Secure DevOps Platform secures the build, detects and responds to threats and continuously validates cloud configurations and compliance. In the spirit of Halloween, check out a few spooky stories from Sysdig. Beware the mutant tag, battle against mining vampires and experience a series of unfortunate kernel events - all from the comfort and safety of your home or office. Remember, all of these stories can be prevented with the right tools and by following security best practices.

This week's articles

All Access Pass: Five Trends with Initial Access Brokers   #attack, #supply-chain
Write up on the "underground" market for buying and selling access to companies. Top methods are still RDP and VPN access.

Cosigned up and running on EKS   #aws, #build, #kubernetes
How to get started using the cosigned admission controller on Amazon EKS, preventing unverified containers from running in your Kubernetes cluster.

Accessing GKE private clusters through IAP   #defend, #gcp, #kubernetes
How to connect to the control plane of a GKE private cluster, leveraging a proxy and an IAP tunnel.

Stop Downloading Google Cloud Service Account Keys!   #gcp, #iam
Generating and distributing service account keys poses severe security risks to your organization. You don't actually have to download these long-lived keys. There's a better way!

AWS temporary creds with SSO and a CDK workaround   #aws, #explain, #iam
Step-by-step guide including helpful recommendations for replacing hard-coded credentials with temporary credentials using SSO.

Continuous compliance on AWS   #aws, #defend
A list of services and patterns that can be especially helpful in adopting a continuous compliance posture on AWS.

How to run your own admission controller on Kubernetes   #explain, #kubernetes
Post explaining what admission controllers are, how do they work, and how to deploy them on Kubernetes.

Enterprise-scale seamless onboarding and deployment of Azure Sentinel using Lighthouse for multi-tenant environments   #azure, #build
Behind the scenes view of some of the automated processes involved in setting up new environments and managing custom analytics for each customer, including details about our scripting and automated build and release pipelines, which are are deployed as infrastructure-as-code.

Announcing Notary v2 alpha 1   #announcement, #containers, #supply-chain
Notary v1, otherwise known as Docker Content Trust, was released at at a time when there was one primary registry: Docker Hub. A lot has changed since then, and now the alpha 1 release of the Notary v2 project has been announced.


Secret management toolchain from the Elastic team.

Documenting your Threat Models with HCL.

SimuLand is an open-source initiative by Microsoft to help security researchers deploy lab environments that reproduce well-known techniques used in real attack scenarios, actively test and verify effectiveness of related Microsoft 365 Defender, Azure Defender and Azure Sentinel detections, and extend threat research using telemetry and forensic artifacts generated after each simulation exercise.

kstatus provides tools for checking the status of Kubernetes resources. The primary use case is knowing when (or if) a given set of resources has been fully reconciled after an apply operation.

From the cloud providers

AWS Icon  Amazon DocumentDB adds support for Access Control with User-Defined Roles
With user-defined roles you can grant users one or more custom roles that determine which operations they are authorized to perform. This release improves on DocumentDB's RBAC support which was previously limited to built-in roles.

AWS Icon  Correlate security findings with AWS Security Hub and Amazon EventBridge
How to deploy a solution to correlate specific AWS Security Hub findings from multiple AWS services that are related to a single AWS resource, which indicates an increased possibility that a security incident has happened.

AWS Icon  Automated Account Configuration
This solution automates operational processes in an efficient, error-free, standardized and consistent way, to ensure that your AWS accounts are set up properly and with the necessary resources to meet your business and production needs.

AWS Icon  Simplifying Multi-account CI/CD Deployments using AWS Proton
How to use AWS Proton to handle multi-account deployments using one consistent and standardized continuous delivery pipeline.

GCP Icon  Identity and environment in Google Cloud vs AWS and Azure
Newcomers to Google Cloud will immediately notice the intentionality with which identity and environments were designed for the platform.

GCP Icon  Avoiding GCF anti-patterns part 2: How to reuse Cloud Function instances for future invocations
What global scope is for a Cloud Function, when to use, and what issues to look out for when used incorrectly.

Azure Icon  General availability: Azure governance policy for Azure Key Vault
Azure Policy provides the ability to place guardrails on Key Vault and its objects to ensure they are compliant with your organizations security recommendations and compliance regulations. It allows you to perform real time policy-based enforcement and on-demand compliance assessment of existing secrets in your Azure environment.

Azure Icon  Integrate Azure Data Explorer as Long-Term log Retention for Azure Sentinel/Log Analytics
How logs from Log Analytics workspace can be migrated into long-term storage using Azure Data Explorer (ADX) to comply with retention standards as well as reduce costs.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.