Release Date: 30/01/2022 | Issue: 122
CloudSecList is a weekly newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand curated by Marco Lancini.
Sponsor

Cloud Security Autopilot
Securing the cloud isn't easy, regardless of your team's size. Detecting issues isn't enough: they need to be investigated, understood in the context of the environment, and then fixed.
Imagine if you could secure your cloud automatically. ARGOS finds, investigates and fixes cloud vulnerabilities - automatically, with safe rollback. We automated the most common security checks, so you don't have to.
Visualise exploitable issues with context - view the entire kill chain. Say good-bye to tedious and soul-sucking analysis - connect your cloud environment in minutes with a free 14-day trial.

This week's articles


CVE-2022-0185 in Linux Kernel Can Allow Container Escape in Kubernetes
#attack, #containers, #kubernetes
A high-severity CVE was released that affects the Linux kernel, allowing unprivileged users to escalate their privileges to root and escape from the container.


Securing Terraform monorepo CI
#ci/cd, #defend, #terraform
Post explaining the security problems the Mercari team faced in their Terraform environment, and how they improved the situation.


Catalog of AWS Customer Security Incidents
#attack, #aws
This repository seeks to index all publicly disclosed AWS customer security incidents with a known root cause.


Kubernetes protection in Amazon GuardDuty
#aws, #monitor
GuardDuty can now monitor Kubernetes clusters within your AWS environment.


How I Discovered Thousands of Open Databases on AWS
#attack, #aws
A writeup describing the journey on finding and reporting databases with sensitive data about Fortune-500 companies, hospitals, crypto platforms, startups, and more.


Why you need to update your risky default EMR managed roles and policies
#aws, #iam
Post examining EMR's default roles and managed policies to understand if they follow security best practices of least privileges.


Kubernetes Vault Integration via Sidecar Agent Injector vs. CSI Provider
#explain, #kubernetes, #vault
A detailed comparison of two HashiCorp-supported methods for HashiCorp Vault and Kubernetes integration.


Handling Auth in EKS Clusters: Setting Up Kubernetes User Access Using AWS IAM
#aws, #build, #kubernetes
How to get authentication working correctly in EKS from the beginning.


ISTIO-SECURITY-2022-002
#attack, #kubernetes
Istio versions 1.12.0 and 1.12.1 are vulnerable to a privilege escalation attack. Users who have CREATE permission for gateways.gateway.networking.k8s.io objects can escalate this privilege to create other resources that they may not have access to, such as Pod.

Tools


Stratus Red team
Stratus Red Team is "Atomic Red Team™" for the cloud, allowing you to emulate offensive attack techniques in a granular and self-contained manner.


HOUDINI
Hundreds of Offensive and Useful Docker Images for Network Intrusion.


SneakyEndpoints
Hide from the InstanceCredentialExfiltration GuardDuty finding by using VPC Endpoints.


cosign-keyless-admission-webhook
Kubernetes admission webhook that uses cosign verify to check that the subject and issuer of the image match what you expect.


DevOps-The-Hard-Way-AWS
This repository contains free labs for setting up an entire workflow and DevOps environment from a real-world perspective in AWS.

From the cloud providers


AWS: Amazon GuardDuty Enhances Detection of EC2 Instance Credential Exfiltration
GuardDuty can now detect when your EC2 instance credentials are being used from another AWS account.


AWS: Guidelines for Implementing AWS WAF
A new whitepaper from AWS which outlines recommendations for implementing AWS WAF to protect existing and new web applications.


AWS: How to enable secure seamless single sign-on to Amazon EC2 Windows instances with AWS SSO
How to provide a single sign-in experience to Windows EC2 instances using AWS Fleet Manager with AWS SSO, enabling you to log in with your AWS SSO identity, or with any identity provider supported by AWS SSO.


AWS: How to enrich AWS Security Hub findings with account metadata
How to deploy a solution to enrich AWS Security Hub findings with additional account-related metadata, such as the account name, the Organization Unit (OU) associated with the account, security contact information, and account tags.


AWS: How to use tokenization to improve data security and reduce audit scope
Post providing guidance to determine your requirements for tokenization, with an emphasis on the compliance lens.


GCP: GCP controls to leverage for building a secure and compliant data pipeline
A set of controls to leverage when creating data products in compliance with security and regulatory requirements using Google Cloud services.


GCP: Google Cloud VPC-Service Controls: Lessons Learned
Some lessons learned while applying VPC-Service Controls (a.k.a. VPC-SC) to a complex network infrastructure.

Thanks for reading!

If you found this newsletter useful and interesting, and know other people who would too, I'd really appreciate it if you could forward it to them 📨

If you have questions, comments, or feedback, just reply to this email or let me know on Twitter @lancinimarco!

Thanks,
Marco
© 2019-present, CloudSecList by Marco Lancini.