Release Date: 21/11/2021 | Issue: 114
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

Understand the Growing Threat of Cloud Software Supply Chain Attacks
Palo Alto Networks' threat research team, known as Unit 42, recently conducted research on the topic of cloud software supply chain security. Their findings indicate that many organizations are vastly unprepared for staying secure against this growing threat. To help your organization protect your own cloud supply chain, download Unit 42's latest Cloud Threat Report and watch the webinar on-demand where they explain the research and provide recommendations.

This week's articles

Updates to IAM policy evaluation logic flow chart   #aws, #explain, #iam
AWS has finally updated the documentation around determining whether a request is allowed or denied within an account.

Effective IAM for AWS: A guide to realize IAM best practices   #aws, #explain, #iam
Learn how to secure AWS with usable IAM architecture, policies, and automation that scales security best practices efficiently to all developers.

Identity Federation for GitHub Actions on AWS   #aws, #ci/cd, #iam
A useful step-by-step example of how to configure your GitHub Actions build jobs to securely and seamlessly use IAM Roles in AWS.

How to avoid leaking your customer's source code with GitHub apps   #attack, #ci/cd
If you are rolling out features that require GitHub API access to your customers, be mindful of how you are doing it. It is easy to unintentionally and unexpectedly expose a customer's GitHub data to unauthorized users.

Detecting a Container Escape with Cilium and eBPF   #attack, #containers, #kubernetes, #monitor
How an attacker with access to your Kubernetes cluster could do a container escape (running a pod to gain root privileges, escaping the pod onto the host, and persisting the attack with invisible pods and fileless executions), and how to detect these attacks.

Creating Malicious Admission Controllers   #attack, #kubernetes
How to create a malicious admission controller, understanding its technicalities, and analyzing its impact.

Scanning Millions Of Publicly Exposed Docker Containers   #attack, #containers
Research which confirmed that Docker files usually contain a mind-blowing amount of hardcoded credentials. They included AWS and other cloud environment access keys, private keys, webhooks, and more. The most commonly found secret was the username and password to clone git repositories.

CVE-2021-42306 CredManifest: App Registration Certificates Stored in Azure Active Directory   #attack, #azure
Another security issue discovered in Azure: due to a misconfiguration, Automation Account "Run as" credentials (PFX certificates) were being stored in cleartext in Azure Active Directory (AAD).

Understanding Azure Logs from a security perspective   #azure, #monitor
First in a blog series that covers the audit logs available in Azure, discusses the security insights that we can obtain from them, and also highlights existing blind spots that can save you a few headaches down the line.

Vault as an OIDC Provider   #announcement, #iam, #vault
With release 1.9, Vault can now act as an OIDC provider itself, allowing applications to leverage pre-existing Vault identities for delegating authentication and authorization into their applications.

A Fulcio Deep Dive   #announcement
This blog post is an introduction to Fulcio, a free Root-CA for code signing certs - issuing certificates based on an OIDC email address.


An authenticating Docker Registry proxy with transparent Kubernetes integration.

Set Alternate Contacts across the AWS Organization
This script will update all the Alternate Contacts for all accounts in an AWS Organization.

A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365.


A collection of resources for HashiCorp Terraform.

From the cloud providers

AWS: Managing temporary elevated access to your AWS environment
Post discussing temporary elevated access and how it can mitigate risks related to human access to your AWS environment.

AWS: Fall 2021 SOC reports now available with 141 services in scope
The AWS Fall 2021 SOC reports are now available through Artifact in the AWS Management Console. The SOC 3 report can also be downloaded as PDF.

AWS: Hands-on walkthrough of the AWS Network Firewall flexible rules engine
How stateful rules are evaluated using a recently added feature, the strict rule order method.

AWS: AWS Control Tower now supports nested organizational units
With support for nested OUs, you can now easily organize accounts in your Control Tower environment in a hierarchical, tree-like structure.

GCP: Modernizing compliance: Introducing Risk and Compliance as Code
Google announced the launch of their Risk and Compliance as Code (RCaC) Solution. The RCaC solution stack enables compliance and security control automation through a combination of Google Cloud Products, Blueprints, Partner Integrations, workshops and services.

GCP: Get inventory and vulnerability report data for your VMs
GCP added a Console view that shows you relevant CVEs and installed packages within your VMs.

Azure: Enhance third-party NVA availability with Azure Gateway Load Balancer
Microsoft announced the preview of Gateway Load Balancer, a fully managed service enabling you to deploy, scale, and enhance the availability of third-party NVAs in Azure.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

© 2019-present, CloudSecList by Marco Lancini.