Release Date: 28/11/2021 | Issue: 115
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Having a healthy security culture reduces data breaches
When security protocols grow in complexity, they might start to hinder a company’s everyday tasks to an extent that it’s not hackers, but employees themselves, who first avoid implemented measures. Faraday software focuses on accessibility and resource optimization to consolidate a strong security environment. Friendly interface, automation, report generation, and workflow integration with Jira are just some of the features built in to enhance security while easing everyday activities. Make sure security is on track to meet company goals.

This week's articles


pre:Invent 2021
There were 234 AWS announcements in pre:Invent season. Chris Farris analysed 27 of them related to security and governance.   #announcement   #aws


AWS/Azure/GCP Permissions
Continuing his work on the permissions.cloud project, Ian Mckay now has both Azure and GCP spaces available: azure.permissions.cloud and gcp.permissions.cloud.   #aws   #azure   #gcp   #iam


Becoming A Super Admin In Someone Else's GSuite Organization And Taking It Over
It was possible to make yourself admin of any GSuite Organization by modifying a request to just specify a different domain (and org id).   #attack   #gsuite


Is AWS Recycling your Access Keys?
Temporary AWS API access key IDs, issued by AWS, are not unique and can repeat, which can impair the detection capabilities of AWS security tools that key on them.   #attack   #aws   #defend


Learning Containers From The Bottom Up
What is a Container? Container vs. VM? Docker vs. Kubernetes? How to organize the learning efficiently?   #containers   #explain   #kubernetes


Verifying container signatures on Kubernetes with Gatekeeper
How you can use some new features in Gatekeeper to enable container signature verification.   #kubernetes   #opa


Testing Gatekeeper constraints with gator CLI
The gator CLI is a new tool that ships with Gatekeeper version 3.7 and gives policy authors a way to test policies before they are deployed to Kubernetes.   #kubernetes   #opa


Automated Manifest File Validation Using Open Policy Agent and GitHub Actions
How to validate manifest files using Open Policy Agent and automate this using GitHub Actions.   #build   #ci/cd   #opa


Secure deployments with OpenID Connect & GitHub Actions now generally available
GitHub Actions now supports OpenID Connect for secure deployment to different cloud providers via short-lived, auto-rotated tokens.   #ci/cd   #iam


Writing a Kubernetes Validating Webhook using Python
Step-by-step walkthrough explaining how to create a Kubernetes validating webhook from scratch using Python and the Flask framework.   #explain   #kubernetes

Tools


splash
A pseudo shell re-invoking a Lambda for each command.


kube-scheduler-simulator
A web-based simulator for the Kubernetes scheduler.


witchery
Build distroless images with alpine tools.


AzureSentinel-ShodanMonitor
Ingesting Shodan Monitor alerts into Azure Sentinel.

From the cloud providers


#AWS   AWS Identity and Access Management now makes it more efficient to troubleshoot access denied errors in AWS
AWS IAM now includes the policy type that's responsible for the denied permissions in access denied error messages.


#AWS   How to set up Amazon Cognito for federated authentication using Azure AD
Walkthrough detailing the steps needed to integrate Azure AD as a federated identity provider in an Amazon Cognito user pool.


#AWS   Amazon DynamoDB now helps you meet regulatory compliance and business continuity requirements through enhanced backup features in AWS Backup
Amazon DynamoDB now helps you meet regulatory compliance and business continuity requirements through enhanced backup features, including copying on-demand backups cross-account and cross-Region, cost allocation tagging for backups, and transitioning backups to cold storage.


#AWS   Announcing preview of Amazon Linux 2022
Amazon announced the public preview of Amazon Linux 2022 (AL2022), Amazon's new general purpose Linux for AWS that is designed to provide a secure, stable, and high-performance execution environment to develop and run your cloud applications.


#GCP   Illicit coin mining, ransomware, APTs target cloud users in first Google Cybersecurity Action Team Threat Horizons report
The first threat report from the Google Cybersecurity Action Team finds cloud users are often targeted by illicit coin mining, ransomware, and APTs.


#GCP   Security Command Center - Increasing operational efficiency with new mute findings capability
Security Command Center mute findings capability helps you gain operational efficiencies by effectively managing the findings volume based on your organization's policies and requirements.


#GCP   Protect sensitive info in logs using Google Cloud
How to leverage the Data Loss Prevention API to solve the problem of storing sensitive data within application logs.


#GCP   Consuming Google Secret Manager secrets in GKE
This article lists 5 options for integrating GKE with Google Secret Manager (GSM). For each option it gives the pros and cons and a link to a code sample.


#AZURE   Simplify connectivity, routing, and security with Azure Virtual WAN
Over the past few months, Microsoft added several new capabilities to Azure Virtual WAN to simplify routing design and management.


#AZURE   Advancing service resilience in Azure Active Directory with its backup authentication service
The Azure AD backup authentication service transparently and automatically handles authentications for supported workloads when the primary Azure AD service is unavailable. It adds an additional layer of resilience on top of the multiple levels of redundancy in Azure AD.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini