Release Date: 09/01/2022 | Issue: 119
CloudSecList is a weekly newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand curated by Marco Lancini.
Sponsor

Gain time on your security procedure
Cyber security is an ongoing process. While you build up your defenses, attackers find new ways to break them. At its core, security is an issue of time, where the only deadline is to be one step ahead. Faraday helps you create the time you need by simplifying every step of the process. Find your vulnerabilities, classified in order of risk and priority, and get the information you need to manage and solve them. You can now automate and create time to focus, fix, and keep up with the race.
Start now and talk to our experts

This week's articles


The values behind scaling cloud native security at Grafana Labs
#strategy
A summary of Grafana Labs' security manifesto.


Map the Cloud
#aws, #azure, #gcp
Find information about public cloud provider regional services availability, from AWS, Azure, Google Cloud, CloudFlare and Fastly. Get stats of services, regions and edge locations.


AWS re:Invent Security re:Cap 2021
#aws, #defend
A recap of security related announcements at re:Invent 2021.


Cloud-Native Ransomware Protection in GCP
#defend, #gcp
The five pillars of the NIST CSF help create a layered security approach to the fight against ransomware.


NotLegit: Azure App Service vulnerability exposed hundreds of source code repositories
#attack, #azure
Another vulnerability discovered by the Wiz Research Team, where the Azure App Service exposed hundreds of source code repositories.


Azure AD & IAM (Part II) ' Leveraging Managed Identities For Privilege Escalation
#attack, #azure
How to escalate privileges in Azure from low-privileged users to managed-identities.


Impersonate the Cloud: Running your app locally as if you were on Google Cloud
#build, #gcp
Some ways to securely run an app locally with the exact same context as on Google Cloud.


Get Email Notification On AWS IAM User Creation
#aws, #build, #iam
Example CloudWatch rule and Lambda function to send an email via SES whenever an IAM user is created.


Cloud-Native Observability and Security Analytics with SysFlow and Falco
#containers, #monitor
SysFlow is a compact open telemetry format that records workload behaviors by connecting event and flow representations of process control flows, file interactions, and network communications. The resulting abstraction encodes a graph structure that enables provenance reasoning on host and container environments, and fast retrieval of security-relevant information.

Tools


smokescreen
A simple HTTP proxy that fogs over naughty URLs.


kube-exec-controller
An admission controller service and kubectl plugin to handle container drift in K8s clusters. You can also refer to the companion blog post.


cw
The best way to tail AWS CloudWatch Logs from your terminal.


log4jscanner
A log4j vulnerability filesystem scanner and Go package for analyzing JAR files.

From the cloud providers


AWS Icon  Find Public IPs of Resources: Use AWS Config for Vulnerability Assessment
A scalable, serverless, and automated approach to discover public IP addresses assigned to resources in a single or multi-account environment in AWS, using AWS Config.


AWS Icon  Continuous runtime security monitoring with AWS Security Hub and Falco
How to use services such as AWS Security Hub and Falco, a Cloud Native Computing Foundation project, to build a continuous runtime security monitoring solution.

Thanks for reading!

If you found this newsletter useful and interesting, and know other people who would too, I'd really appreciate if you could forward it to them 📨

If you have questions, comments, or feedback, just reply to this email or let me know on Twitter @lancinimarco!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share
Website
Twitter
View this email in your browser © 2019-present, CloudSecList by SecurityBite LTD.
Created by Marco Lancini.