Release Date: 28/11/2021 | Issue: 115
The Cloud Security Reading List is a low volume newsletter (delivered once per week) that highlights security-related news focused on the cloud native landscape, hand curated by Marco Lancini.
Sponsor

Having a healthy security culture reduces data breaches
When security protocols grow in complexity, they might start to hinder a company’s everyday tasks to an extent that it’s not hackers, but employees themselves, who first avoid implemented measures. Faraday software focuses on accessibility and resource optimization to consolidate a strong security environment. Friendly interface, automation, report generation, and workflow integration with Jira are just some of the features built in to enhance security while easing everyday activities. Make sure security is on track to meet company goals.
Get started today

This week's articles


pre:Invent 2021
#announcement, #aws
There were 234 AWS announcements in pre:Invent season. Chris Farris analysed 27 of them related to security and governance.


AWS/Azure/GCP Permissions
#aws, #azure, #gcp, #iam
Continuing the permissions.cloud project, Ian Mckay now has both Azure and GCP spaces available: azure.permissions.cloud and gcp.permissions.cloud.


Becoming A Super Admin In Someone Elses Gsuite Organization And Taking It Over
#attack, #gsuite
It was possible to make yourself admin of any GSuite Organization by modifying a request to just specify a different domain (and org id).


Is AWS Recycling your Access Keys?
#attack, #aws, #defend
Temporary AWS API access key IDs (the ASIA-prefixed IDs issued with STS credentials) are not unique and can be reused, so security tooling that correlates activity on the key ID alone can misattribute events and miss detections.
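To make the detection consequence concrete, here is an added example (not code from the linked article) over constructed, CloudTrail-shaped records in which one ASIA key ID appears under two different role sessions. The ARNs, account IDs and key ID are invented; the point is that grouping on `userIdentity.accessKeyId` alone merges unrelated sessions, while keying on the session (key ID, principal ARN, session creation date) keeps them apart.

```python
"""Added example (not from the linked article): why a temporary access key ID
is not a safe correlation key on its own.

The records below are constructed, CloudTrail-shaped events. The ASIA... key ID
is deliberately identical on all three although two different role sessions
(different principals, different accounts) produced them, which is the
situation the article describes.
"""
from collections import defaultdict

EVENTS = [
    {
        "eventTime": "2021-11-20T10:00:01Z",
        "eventName": "ListBuckets",
        "userIdentity": {
            "type": "AssumedRole",
            "principalId": "AROAEXAMPLE000000001:alice",
            "arn": "arn:aws:sts::111111111111:assumed-role/ReadOnly/alice",
            "accessKeyId": "ASIAEXAMPLE00000REPEAT",
            "sessionContext": {"attributes": {"creationDate": "2021-11-20T09:59:50Z"}},
        },
    },
    {
        "eventTime": "2021-11-20T10:00:05Z",
        "eventName": "GetObject",
        "userIdentity": {
            "type": "AssumedRole",
            "principalId": "AROAEXAMPLE000000001:alice",
            "arn": "arn:aws:sts::111111111111:assumed-role/ReadOnly/alice",
            "accessKeyId": "ASIAEXAMPLE00000REPEAT",
            "sessionContext": {"attributes": {"creationDate": "2021-11-20T09:59:50Z"}},
        },
    },
    {
        "eventTime": "2021-11-22T08:15:30Z",
        "eventName": "PutUserPolicy",
        "userIdentity": {
            "type": "AssumedRole",
            "principalId": "AROAEXAMPLE000000002:deploy-bot",
            "arn": "arn:aws:sts::222222222222:assumed-role/Deploy/deploy-bot",
            "accessKeyId": "ASIAEXAMPLE00000REPEAT",
            "sessionContext": {"attributes": {"creationDate": "2021-11-22T08:15:00Z"}},
        },
    },
]


def key_id(event):
    """The naive correlation key: just the access key ID."""
    return event["userIdentity"]["accessKeyId"]


def session_key(event):
    """Key ID plus who obtained it and when: stable even when key IDs repeat."""
    ui = event["userIdentity"]
    return (ui["accessKeyId"], ui["arn"],
            ui["sessionContext"]["attributes"]["creationDate"])


def group_by(events, key_fn):
    groups = defaultdict(list)
    for ev in events:
        groups[key_fn(ev)].append(ev)
    return dict(groups)


def repeated_key_ids(events):
    """Key IDs that appear under more than one principal ARN.

    A detection that pivots on accessKeyId alone would attribute all of these
    events to one actor; this function flags the ambiguity instead.
    """
    arns_per_key = defaultdict(set)
    for ev in events:
        arns_per_key[key_id(ev)].add(ev["userIdentity"]["arn"])
    return {k for k, arns in arns_per_key.items() if len(arns) > 1}


def events_for_session(events, arn, creation_date):
    """Scope a hunt to one role session instead of to a key ID."""
    return [ev for ev in events if session_key(ev)[1:] == (arn, creation_date)]


if __name__ == "__main__":
    print("by key ID:", len(group_by(EVENTS, key_id)), "group(s)")
    print("by session:", len(group_by(EVENTS, session_key)), "group(s)")
    print("ambiguous key IDs:", repeated_key_ids(EVENTS))
```

When writing detections or incident timelines, pivot on the principal ARN (or `sessionContext.sessionIssuer` plus the session creation date) and treat the key ID as supporting evidence only.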


Learning Containers From The Bottom Up
#containers, #explain, #kubernetes
What is a Container? Container vs. VM? Docker vs. Kubernetes? How to organize the learning efficiently?


Verifying container signatures on Kubernetes with Gatekeeper
#kubernetes, #opa
How you can use some new features in Gatekeeper to enable container signature verification.


Testing Gatekeeper constraints with gator CLI
#kubernetes, #opa
The gator CLI is a new tool that ships with Gatekeeper version 3.7 and gives policy authors a way to test their policies before they are deployed to Kubernetes.


Automated Manifest File Validation Using Open Policy Agent and GitHub Actions
#build, #ci/cd, #opa
How to validate manifest files using Open Policy Agent and automate this using GitHub Actions.


Secure deployments with OpenID Connect & GitHub Actions now generally available
#ci/cd, #iam
GitHub Actions now supports OpenID Connect for secure deployment to different cloud providers via short-lived, auto-rotated tokens.
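The short-lived token only helps if the cloud side scopes which workflows may exchange it. The following is an added example (not GitHub's or any provider's code) that models the claim checks a trust policy should make; the claim sets are constructed, the `string_like` helper imitates IAM's StringLike wildcard matching for illustration, and signature verification against GitHub's JWKS is assumed to have already happened before these conditions are evaluated.

```python
"""Added example: the claim checks a cloud provider's trust policy should make
on a GitHub Actions OIDC token. The claims below are constructed; in reality the
provider first verifies the token signature against GitHub's JWKS and only then
evaluates conditions like these. string_like() mimics IAM's StringLike wildcard
matching for illustration and is not AWS code.
"""
import re

ISSUER = "https://token.actions.githubusercontent.com"

# Constructed claim sets (a real token carries more claims; only those compared
# here are shown). "sub" follows GitHub's documented shapes: ref-based for a
# branch push, ":pull_request" for pull_request events.
CLAIMS_MAIN_BRANCH = {"iss": ISSUER, "aud": "sts.amazonaws.com",
                      "sub": "repo:example-org/payments:ref:refs/heads/main"}
CLAIMS_PULL_REQUEST = {"iss": ISSUER, "aud": "sts.amazonaws.com",
                       "sub": "repo:example-org/payments:pull_request"}
CLAIMS_OTHER_REPO = {"iss": ISSUER, "aud": "sts.amazonaws.com",
                     "sub": "repo:someone-else/anything:ref:refs/heads/main"}


def string_like(pattern, value):
    """IAM-style StringLike: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(".*" if ch == "*" else "." if ch == "?" else re.escape(ch)
                    for ch in pattern)
    return re.fullmatch(regex, value) is not None


def trust_allows(conditions, claims):
    """conditions maps a claim name to {"equals": v} or {"like": pattern}.

    Every condition must hold (AND semantics, as in an IAM Condition block);
    a missing claim fails closed.
    """
    for claim, cond in conditions.items():
        value = claims.get(claim)
        if value is None:
            return False
        if "equals" in cond and value != cond["equals"]:
            return False
        if "like" in cond and not string_like(cond["like"], value):
            return False
    return True


# Weak: issuer and audience only. Every repository on github.com can mint a
# token with this issuer and request this audience, so this hands the role to
# the whole platform.
WEAK_TRUST = {"iss": {"equals": ISSUER}, "aud": {"equals": "sts.amazonaws.com"}}

# Scoped: pin the subject to one repository and one branch. Pull-request runs
# (including those from forks) get a different sub and are rejected.
SCOPED_TRUST = dict(WEAK_TRUST,
                    sub={"equals": "repo:example-org/payments:ref:refs/heads/main"})

# Repository-bound but ref-agnostic: any branch, tag or PR of this one repo.
REPO_TRUST = dict(WEAK_TRUST, sub={"like": "repo:example-org/payments:*"})


if __name__ == "__main__":
    for name, trust in [("weak", WEAK_TRUST), ("scoped", SCOPED_TRUST), ("repo", REPO_TRUST)]:
        print(name, "allows other repo:", trust_allows(trust, CLAIMS_OTHER_REPO),
              "| allows PR:", trust_allows(trust, CLAIMS_PULL_REQUEST))
```

In AWS these conditions are expressed on the `token.actions.githubusercontent.com:aud` and `token.actions.githubusercontent.com:sub` keys of the role's trust policy; the workflow needs `permissions: id-token: write` to request the token. The lesson generalises to the other providers: always bind the subject, not just the audience.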


Writing a Kubernetes Validating Webhook using Python
#explain, #kubernetes
Step by step walkthrough explaining how to create from scratch a Kubernetes validating webhook using Python and the Flask framework.
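As an added example in the same language as the walkthrough (this is not the walkthrough's own code), here is the core of such a webhook: a pure `review()` function that turns an `AdmissionReview` request into the response the API server expects, plus a thin Flask wrapper. The policy enforced (reject privileged containers and unpinned images) is an assumption chosen for illustration, as are the sample request and its UID; the TLS certificate paths in `__main__` are placeholders.

```python
"""Core of a Kubernetes validating admission webhook in Python (added example,
not the walkthrough's code).

Assumed policy, for illustration only: reject Pods whose containers run
privileged or whose images are not pinned (no tag, or the :latest tag).
review() is pure so it can be tested without a server; make_app() adds Flask.
"""


def image_is_pinned(image):
    """True when the reference carries a digest or a tag other than 'latest'."""
    if "@" in image:                     # name@sha256:... is fully pinned
        return True
    last = image.rsplit("/", 1)[-1]      # drop registry/namespace so a port in
    if ":" not in last:                  # 'host:5000/app' is not mistaken for a tag
        return False                     # untagged means an implicit :latest
    return last.rsplit(":", 1)[1] != "latest"


def check_pod(pod):
    """Return a list of violation messages for a Pod object (empty == allowed)."""
    spec = pod.get("spec", {})
    problems = []
    for c in spec.get("containers", []) + spec.get("initContainers", []):
        name = c.get("name", "<unnamed>")
        image = c.get("image", "")
        if (c.get("securityContext") or {}).get("privileged"):
            problems.append(f"container {name!r} is privileged")
        if not image_is_pinned(image):
            problems.append(f"container {name!r} image {image!r} is not pinned")
    return problems


def review(admission_review):
    """Build the AdmissionReview response for an AdmissionReview request.

    The response must echo the request uid and carry apiVersion/kind, otherwise
    the API server rejects the webhook reply as malformed.
    """
    req = admission_review["request"]
    is_pod = req.get("kind", {}).get("kind") == "Pod"
    problems = check_pod(req.get("object") or {}) if is_pod else []
    response = {"uid": req["uid"], "allowed": not problems}
    if problems:
        response["status"] = {"code": 403, "message": "; ".join(problems)}
    return {"apiVersion": admission_review.get("apiVersion", "admission.k8s.io/v1"),
            "kind": "AdmissionReview",
            "response": response}


def make_app():
    """Flask wiring; imported lazily so review() stays usable without Flask."""
    from flask import Flask, jsonify, request

    app = Flask(__name__)

    @app.post("/validate")
    def validate():
        return jsonify(review(request.get_json(force=True)))

    return app


# Constructed sample request: privileged container running an unpinned image.
SAMPLE_REQUEST = {
    "apiVersion": "admission.k8s.io/v1",
    "kind": "AdmissionReview",
    "request": {
        "uid": "0f6d2a1e-0000-4000-8000-000000000001",
        "kind": {"group": "", "version": "v1", "kind": "Pod"},
        "object": {
            "metadata": {"name": "bad-pod"},
            "spec": {"containers": [
                {"name": "app", "image": "nginx:latest",
                 "securityContext": {"privileged": True}}]},
        },
    },
}

if __name__ == "__main__":
    # The API server only talks to webhooks over HTTPS; the cert paths are placeholders.
    make_app().run(host="0.0.0.0", port=8443, ssl_context=("tls.crt", "tls.key"))
```

Register it with a `ValidatingWebhookConfiguration` whose `caBundle` matches the serving certificate, and keep `failurePolicy` in mind: `Fail` blocks admission when the webhook is down, `Ignore` lets it through, and neither is free.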

Tools


splash
A pseudo shell re-invoking a Lambda for each command.


kube-scheduler-simulator
A web-based simulator for the Kubernetes scheduler.


witchery
Build distroless images with alpine tools.


AzureSentinel-ShodanMonitor
Ingesting Shodan Monitor Alerts to Azure Sentinel.

From the cloud providers


AWS Identity and Access Management now makes it more efficient to troubleshoot access denied errors in AWS
AWS IAM now includes the policy type that's responsible for the denied permissions in access denied error messages.


How to set up Amazon Cognito for federated authentication using Azure AD
Walkthrough detailing the steps needed to integrate Azure AD as a federated identity provider in Amazon Cognito user pool.


Amazon DynamoDB now helps you meet regulatory compliance and business continuity requirements through enhanced backup features in AWS Backup
New AWS Backup capabilities for DynamoDB: copying on-demand backups cross-account and cross-Region, cost allocation tagging for backups, and transitioning backups to cold storage.


Announcing preview of Amazon Linux 2022
Amazon announced the public preview of Amazon Linux 2022 (AL2022), Amazon's new general purpose Linux for AWS that is designed to provide a secure, stable, and high-performance execution environment to develop and run your cloud applications.


Illicit coin mining, ransomware, APTs target cloud users in first Google Cybersecurity Action Team Threat Horizons report
The first threat report from the Google Cybersecurity Action Team finds cloud users are often targeted by illicit coin mining, ransomware, and APTs.


Security Command Center - Increasing operational efficiency with new mute findings capability
Security Command Center mute findings capability helps you gain operational efficiencies by effectively managing the findings volume based on your organization's policies and requirements.


Protect sensitive info in logs using Google Cloud
How to leverage the Data Loss Prevention API to solve the problem of storing sensitive data within application logs.


Consuming Google Secret Manager secrets in GKE
This article lists 5 options to integrate GKE and Google Secret Manager (GSM). For each option it lists the pros and cons, and links to a code sample.


Simplify connectivity, routing, and security with Azure Virtual WAN
Over the past few months, Microsoft added several new capabilities to Azure Virtual WAN to simplify routing design and management.


Advancing service resilience in Azure Active Directory with its backup authentication service
The Azure AD backup authentication service transparently and automatically handles authentications for supported workloads when the primary Azure AD service is unavailable. It adds an additional layer of resilience on top of the multiple levels of redundancy in Azure AD.

Thanks for reading!

If you found this newsletter useful and interesting, and know other people who would too, I'd really appreciate if you'd forward it to them 🙏

If you have questions, comments, or feedback, just reply to this email or let me know on Twitter @lancinimarco!

Thanks,
Marco
© 2019-present
The Cloud Security Reading List by SecurityBite LTD.