Release Date: 16/01/2022 | Issue: 120
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

The Engineer's Primer on Cloud and IaC Security
The cloud has radically changed the IT security landscape. The vulnerability surface is different, and attackers operate differently. Now, how you secure your data needs to be different, too. This 16-page handbook will help you think critically about your cloud security at every stage of the development lifecycle, from infrastructure as code through the runtime. Download your free copy here.
To learn more about automating cloud security and compliance with Fugue see here.

This week's articles


2 Critical Cloud Vulnerabilities to Convince You to Move to the Cloud
The Orca Security Research Team wrote up two critical vulnerabilities they found in AWS services, both since fixed by AWS: Superglue (in AWS Glue) and BreakingFormation (in AWS CloudFormation). These vulnerabilities could have allowed unauthorized access to other customers' data and to sensitive internal AWS code and data.   #attack   #aws


Performance metrics: Keeping things under control
What metrics and techniques you can use to protect your SOC against volatility, and, ultimately, burnout.   #monitor   #strategy


Visualizing CI/CD from an attacker's perspective
Lessons learned and insight gained from a year of modeling and engineering CI/CD graphs from the attacker's perspective.   #attack   #ci/cd   #defend


Scanning Infrastructure-as-Code for security flaws
Slides discussing scanning IaC, but also drift prevention / detection, runtime scanning, and a strategy to introduce IaC scanning in an organization.   #ci/cd   #defend   #iac


Implementing a Vulnerable AWS DevOps Environment as a CloudGoat Scenario
A vulnerable "modern AWS DevOps environment" with an API, simulated user activity, and a continuous deployment pipeline.   #attack   #aws   #ci/cd


Recover your AWS account via Customer Support
A Twitter thread on how to get AWS Customer Support to remove MFA from your root account.   #attack   #aws


Persistence with Azure Policy Guest Configuration
How to abuse Azure Policy Guest Configuration to gain persistence in a target environment, and how to detect such an attack as a defender.   #attack   #azure


Monitoring Kubernetes Jobs
How to use kube-state-metrics and Prometheus to monitor CronJobs.   #kubernetes   #monitor


Open Policy Agent 2021, Year in Review
A summary of notable features and enhancements released from the OPA team in 2021.   #announcement   #opa

Tools


falco-driver-check
A script for checking if Falco drivers are available for your system.


insject
insject is a tool for poking at containers. It enables you to run an arbitrary command in a container or any mix of Linux namespaces. You can also refer to the companion blog post.


heroku-guardian
Easy to use CLI security checks for the Heroku platform. Validate baseline security configurations for your own Heroku deployments.


awesome-azure-policy
A curated list of blogs, videos, tutorials, code, tools, scripts, and anything useful to help you learn Azure Policy.

From the cloud providers


#AWS   Announcing AWS CloudTrail Lake: a managed audit and security Lake
Amazon announced the general availability of AWS CloudTrail Lake, a managed data lake that lets organizations aggregate, immutably store, and query events recorded by CloudTrail for auditing, security investigation, and operational troubleshooting.


#AWS   2021 AWS security-focused workshops
Post highlighting the newest AWS security-focused workshops.


#AWS   Preventive controls with AWS Identity and SCPs
How to get started with SCPs, common use cases for them, and how to write your own.
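As an added example (not code from the AWS post above), here is a region-lock SCP plus a guardrail SCP expressed as Python dictionaries, together with a small evaluator that applies SCP semantics to a request: an explicit Deny from any attached SCP wins, otherwise the action must be explicitly allowed (normally by the default FullAWSAccess policy), otherwise it is implicitly denied. The allowed regions and the list of global-service prefixes exempted through NotAction are illustrative assumptions; only Resource "*" policies and the StringEquals/StringNotEquals operators are modelled.

```python
"""Added example: SCP documents and a simplified SCP evaluator.

Assumptions (not from the newsletter): the allowed regions, the global
services exempted from the region lock, and the guardrail actions are
illustrative choices. Resource is assumed to be "*" throughout.
"""
import fnmatch
import json

# AWS attaches this to every OU/account by default; detaching it without
# replacing it turns the SCP layer into an implicit deny for everything.
FULL_AWS_ACCESS = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Action": "*", "Resource": "*"}],
}

# Deny any API call outside the allowed regions, except for global services
# (IAM, Organizations, STS, CloudFront, Route 53, ...) whose requests are
# always signed for us-east-1 and would otherwise be blocked.
REGION_LOCK_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "DenyOutsideAllowedRegions",
        "Effect": "Deny",
        "NotAction": ["iam:*", "organizations:*", "sts:*", "cloudfront:*",
                      "route53:*", "support:*", "budgets:*", "health:*"],
        "Resource": "*",
        "Condition": {"StringNotEquals": {
            "aws:RequestedRegion": ["eu-west-1", "eu-central-1"]}},
    }],
}

# Typical preventive guardrail: nobody, not even an account admin, may
# stop audit logging or leave the organization.
GUARDRAIL_SCP = {
    "Version": "2012-10-17",
    "Statement": [{
        "Sid": "ProtectCloudTrailAndOrgMembership",
        "Effect": "Deny",
        "Action": ["cloudtrail:StopLogging", "cloudtrail:DeleteTrail",
                   "cloudtrail:UpdateTrail", "organizations:LeaveOrganization"],
        "Resource": "*",
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _action_matches(pattern, action):
    # IAM action matching is case-insensitive and supports * and ? wildcards.
    return fnmatch.fnmatchcase(action.lower(), pattern.lower())


def _statement_matches(stmt, action, context):
    """True if the statement applies to this action under this request context."""
    if "Action" in stmt:
        if not any(_action_matches(p, action) for p in _as_list(stmt["Action"])):
            return False
    elif "NotAction" in stmt:
        if any(_action_matches(p, action) for p in _as_list(stmt["NotAction"])):
            return False
    for operator, keys in stmt.get("Condition", {}).items():
        for key, values in keys.items():
            actual = context.get(key)
            if operator == "StringEquals":
                if actual is None or actual not in _as_list(values):
                    return False
            elif operator == "StringNotEquals":
                # Negated operators evaluate to true when the key is absent,
                # so a request without aws:RequestedRegion is still denied.
                if actual is not None and actual in _as_list(values):
                    return False
            else:
                raise ValueError(f"unsupported condition operator {operator}")
    return True


def evaluate_scps(policies, action, context):
    """Return 'Allow' or 'Deny' for the action under the attached SCPs.

    Explicit Deny wins; otherwise an explicit Allow is required; otherwise
    the result is an implicit Deny. This is the SCP layer only: IAM identity
    and resource policies are evaluated separately afterwards.
    """
    allowed = False
    for policy in policies:
        for stmt in policy["Statement"]:
            if _statement_matches(stmt, action, context):
                if stmt["Effect"] == "Deny":
                    return "Deny"
                allowed = True
    return "Allow" if allowed else "Deny"


def scp_json(policy):
    """Serialise a policy for `aws organizations create-policy --content file://...`."""
    return json.dumps(policy, indent=2)


if __name__ == "__main__":
    attached = [FULL_AWS_ACCESS, REGION_LOCK_SCP, GUARDRAIL_SCP]
    for act, ctx in [("ec2:RunInstances", {"aws:RequestedRegion": "eu-west-1"}),
                     ("ec2:RunInstances", {"aws:RequestedRegion": "us-east-1"}),
                     ("iam:CreateUser", {"aws:RequestedRegion": "us-east-1"}),
                     ("cloudtrail:StopLogging", {"aws:RequestedRegion": "eu-west-1"})]:
        print(act, ctx.get("aws:RequestedRegion"), "->", evaluate_scps(attached, act, ctx))
    print(scp_json(REGION_LOCK_SCP))
```

The evaluator is deliberately small, but it surfaces the two mistakes that bite most often when writing SCPs: forgetting the NotAction exemptions for global services (which then get denied because their region is us-east-1), and detaching FullAWSAccess without an explicit Allow in its place (which denies everything).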


#AWS   Container scanning updates in Amazon ECR private registries using Amazon Inspector
Quick read on the difference between the Amazon Elastic Container Registry (ECR) basic vulnerability assessment and the new enhanced vulnerability management service that integrates Amazon Inspector.


#AWS   Amazon CloudWatch Logs announces AWS Organizations support for cross account Subscriptions
CloudWatch Logs now makes it easier for AWS Organizations customers to manage CloudWatch Logs Subscription Filter destination access policies.


#GCP   Data governance and operating model for analytics
The role of data governance, why it's important, and processes that need to be implemented to run an effective data governance program.


#GCP   Megatrends drive cloud adoption and improve security for all
Eight megatrends that actually compound the security advantages of the cloud compared with on-prem environments: Economy of scale, Shared fate, Healthy competition, Cloud as the digital immune system, Software-defined infrastructure, Increasing deployment velocity, Simplicity, Sovereignty meets sustainability.


#GCP   Geofencing a Globally Load Balanced service on GCP using Cloud Armor
How to use Cloud Armor to geofence a website/service running on GCP using Cloud Run, Google Cloud Storage (GCS) and the Global HTTP(S) Load Balancer.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini