Release Date: 16/01/2022 | Issue: 120
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

The Engineer's Primer on Cloud and IaC Security
The cloud has radically changed the IT security landscape. The vulnerability surface is different, and attackers operate differently. Now, how you secure your data needs to be different, too.This 16-page handbook will help you think critically about your cloud security at every stage of the development lifecycle—from infrastructure as code through the runtime. Download your free copy here.
To learn more about automating cloud security and compliance with Fugue see here.

This week's articles

2 Critical Cloud Vulnerabilities to Convince You to Move to the Cloud   #attack, #aws
The Orca Security Research Team wrote about 2 critical zero-day vulnerabilities affecting AWS: Superglue and BreakingFormation. These vulnerabilities could've allowed unauthorized access to customer data and/or sensitive code and data within AWS.

Performance metrics: Keeping things under control   #monitor, #strategy
What metrics and techniques you can use to protect your SOC against volatility, and, ultimately, burnout.

Visualizing CI/CD from an attacker's perspective   #attack, #ci/cd, #defend
Lessons learned and insight gained from a year of modeling and engineering CI/CD graphs from the attacker's perspective.

Scanning Infrastructure-as-Code for security flaws   #ci/cd, #defend, #iac
Slides discussing scanning IaC, but also drift prevention / detection, runtime scanning, and a strategy to introduce IaC scanning in an organization.

Implementing a Vulnerable AWS DevOps Environment as a CloudGoat Scenario   #attack, #aws, #ci/cd
A vulnerable "modern AWS DevOps environment" with an API, simulated user activity, and a continuous deployment pipeline.

Recover your AWS account via Customer Support   #attack, #aws
A Twitter thread on how to get AWS Customer Support to remove MFA from your root account.

Persistence with Azure Policy Guest Configuration   #attack, #azure
Use Azure Policy Guest Configuration to gain persistence in your target environment and how to detect such an attack as a defender.

Monitoring Kubernetes Jobs   #kubernetes, #monitor
How to use kube-state-metrics and Prometheus to monitor CronJobs.

Open Policy Agent 2021, Year in Review   #announcement, #opa
A summary of notable features and enhancements released from the OPA team in 2021.


A script for checking if Falco drivers are available for your system.

insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces. You can also refer to the companion blog post.

Easy to use CLI security checks for the Heroku platform. Validate baseline security configurations for your own Heroku deployments.

A curated list of blogs, videos, tutorials, code, tools, scripts, and anything useful to help you learn Azure Policy.

From the cloud providers

AWS Icon  Announcing AWS CloudTrail Lake: a managed audit and security Lake
Amazon announced the general availability of AWS CloudTrail Lake, a managed data lake that lets organizations aggregate, immutably store, and query events recorded by CloudTrail for auditing, security investigation, and operational troubleshooting.

AWS Icon  2021 AWS security-focused workshops
Post highlighting the newest AWS security-focused workshops.

AWS Icon  Preventive controls with AWS Identity and SCPs
How to get started with SCPs, describe common use cases, and how to write your own SCPs.

AWS Icon  Container scanning updates in Amazon ECR private registries using Amazon Inspector
Quick read on the difference between the Amazon Elastic Container Registry (ECR) basic vulnerability assessment and the new enhanced vulnerability management service that integrates Amazon Inspector.

AWS Icon  Amazon CloudWatch Logs announces AWS Organizations support for cross account Subscriptions
CloudWatch Logs now makes it easier for AWS Organizations customers to manage CloudWatch Logs Subscription Filter destination access policies.

GCP Icon  Data governance and operating model for analytics
The role of data governance, why it's important, and processes that need to be implemented to run an effective data governance program.

GCP Icon  Megatrends drive cloud adoption and improve security for all
Eight megatrends that actually compound the security advantages of the cloud compared with on-prem environments: Economy of scale, Shared fate, Healthy competition, Cloud as the digital immune system, Software-defined infrastructure, Increasing deployment velocity, Simplicity, Sovereignty meets sustainability.

GCP Icon  Geofencing a Globally Load Balanced service on GCP using Cloud Armor
How to use Cloud Armor to geofence a website/service running on GCP using Cloud Run, Google Cloud Storage (GCS) and the Global HTTP(S) Load Balancer.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.