Release Date: 21/11/2021 | Issue: 114
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Understand the Growing Threat of Cloud Software Supply Chain Attacks
Palo Alto Networks' threat research team, known as Unit 42, recently conducted research on the topic of cloud software supply chain security. Their findings indicate that many organizations are vastly unprepared for staying secure against this growing threat. To help your organization protect your own cloud supply chain, download Unit 42's latest Cloud Threat Report and watch the webinar on-demand where they explain the research and provide recommendations.

This week's articles


Updates to IAM policy evaluation logic flow chart
AWS has finally updated the documentation around determining whether a request is allowed or denied within an account.   #aws   #explain   #iam


Effective IAM for AWS: A guide to realize IAM best practices
Learn how to secure AWS with usable IAM architecture, policies, and automation that scales security best practices efficiently to all developers.   #aws   #explain   #iam


Identity Federation for GitHub Actions on AWS
A useful step-by-step example of how to configure your GitHub Actions build jobs to securely and seamlessly use IAM Roles in AWS.   #aws   #ci/cd   #iam


How to avoid leaking your customer's source code with GitHub apps
If you are rolling out features that require GitHub API access to your customers, be mindful of how you are doing it. It is easy to unintentionally and unexpectedly expose a customer's GitHub data to unauthorized users.   #attack   #ci/cd


Detecting a Container Escape with Cilium and eBPF
How an attacker with access to your Kubernetes cluster could do a container escape (running a pod to gain root privileges, escaping the pod onto the host, and persisting the attack with invisible pods and fileless executions), and how to detect these attacks.   #attack   #containers   #kubernetes   #monitor


Creating Malicious Admission Controllers
How to create a malicious admission controller, understanding its technicalities, and analyzing its impact.   #attack   #kubernetes


Scanning Millions Of Publicly Exposed Docker Containers
Research which confirmed that Dockerfiles usually contain a mind-blowing amount of hardcoded credentials. These included AWS and other cloud environment access keys, private keys, webhooks, and more. The most commonly found secret was the username and password used to clone git repositories.   #attack   #containers


CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory
Another security issue discovered in Azure: due to a misconfiguration, Automation Account "Run as" credentials (PFX certificates) were being stored in cleartext in Azure Active Directory (AAD).   #attack   #azure


Understanding Azure Logs from a security perspective
First in a blog series that covers the audit logs available in Azure, discusses the security insights that we can obtain from them, and also highlights existing blind spots that can save you a few headaches down the line.   #azure   #monitor


Vault as an OIDC Provider
With release 1.9, Vault can now act as an OIDC provider itself, allowing applications to leverage pre-existing Vault identities for delegating authentication and authorization into their applications.   #announcement   #iam   #vault


A Fulcio Deep Dive
This blog post is an introduction to Fulcio, a free Root-CA for code signing certs - issuing certificates based on an OIDC email address.   #announcement

Tools


docker-registry-proxy
An authenticating Docker Registry proxy with transparent Kubernetes integration.


Set Alternate Contacts across the AWS Organization
This script will update all the Alternate Contacts for all accounts in an AWS Organization.


AzureHunter
A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365.

CloudSecDocs


Terraform
A collection of resources for HashiCorp Terraform.

From the cloud providers


#AWS   Managing temporary elevated access to your AWS environment
Post discussing temporary elevated access and how it can mitigate risks related to human access to your AWS environment.


#AWS   Fall 2021 SOC reports now available with 141 services in scope
The AWS Fall 2021 SOC reports are now available through Artifact in the AWS Management Console. The SOC 3 report can also be downloaded as PDF.


#AWS   Hands-on walkthrough of the AWS Network Firewall flexible rules engine
How stateful rules are evaluated using a recently added feature, the strict rule order method.


#AWS   AWS Control Tower now supports nested organizational units
With support for nested OUs, you can now easily organize accounts in your Control Tower environment in a hierarchical, tree-like structure.


#GCP   Modernizing compliance: Introducing Risk and Compliance as Code
Google announced the launch of their Risk and Compliance as Code (RCaC) Solution. The RCaC solution stack enables compliance and security control automation through a combination of Google Cloud Products, Blueprints, Partner Integrations, workshops and services.


#GCP   Get inventory and vulnerability report data for your VMs
GCP added a Console view that shows you relevant CVEs and installed packages within your VMs.


#AZURE   Enhance third-party NVA availability with Azure Gateway Load Balancer
Microsoft announced the preview of Gateway Load Balancer, a fully managed service that enables you to deploy, scale, and enhance the availability of third-party NVAs in Azure.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini