Release Date: 20/02/2022 | Issue: 125
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Cloud Security Autopilot
Securing the cloud isn't easy, regardless of your team's size. It's not enough to just detect issues - they need to be investigated, context of environment understood, and then fixed.
Imagine if you could secure your cloud automatically. ARGOS finds, investigates and fixes cloud vulnerabilities - automatically, with safe rollback. We automated the most common security checks, so you don't have to.
Visualise exploitable issues with context - view the entire kill chain. Say good-bye to tedious and soul-sucking analysis - connect your cloud environment in minutes with a free 14-day trial.

This week's articles


imdsv2_wall_of_shame
List of vendors that do not allow IMDSv2 enforcement.   #aws   #defend


Managing Network Policies for namespaces isolation on a multi-tenant Kubernetes cluster
How to leverage the Hierarchical Namespace Controller (HNC) to ensure tenant isolation in a multi-tenant Kubernetes cluster.   #defend   #kubernetes


sigstore, the local way
How to build the sigstore stack (cosign, rekor, fulcio) on your machine and use it to sign and verify container signatures without ever leaving localhost.   #containers   #develop   #supply-chain


Open Policy Agent 101: A Beginner's Guide
Best practices for starting your OPA journey.   #explain   #opa


Secure Azure Cosmos DB access by using Azure Managed Identities
How to use Azure RBAC to connect to Cosmos DB and increase the security of your application by using Azure Managed Identities.   #azure   #defend   #iam


10 ways of gaining control over Azure function Apps
Some techniques for taking over Azure Function Apps.   #attack   #azure

Sponsor CloudSecList

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
📨 [email protected] 📨

Tools


serverless-registry-proxy
Serverless reverse proxy for exposing container registries (GCR, Docker Hub, Artifact Registry etc) on custom domains.


vulhub
Pre-Built Vulnerable Environments Based on Docker-Compose.


ghostbuster
Eliminate dangling elastic IPs by performing analysis on your resources within all your AWS accounts. You can also refer to the companion blog post.


IAM Legend
AWS IAM actions autocomplete, documentation and wildcard resolution for Visual Studio Code.

From the cloud providers


#AWS   AWS Security Fundamentals (Second Edition)
Learn fundamental AWS cloud security concepts, including AWS access control, data encryption methods, and how network access to your AWS infrastructure can be secured.


#AWS   Top 2021 AWS Security service launches security professionals should review
An overview of some of the most important 2021 AWS Security launches that security professionals should be aware of.


#AWS   How to secure API Gateway HTTP endpoints with JWT authorizer
Step-by-step guidance for setting up JWT authorizers using Amazon Cognito as the identity provider, configuring HTTP APIs to use JWT authorizers, and examples to test the entire setup.


#AWS   How to Audit and Report S3 Prefix Level Access Using S3 Access Analyzer
You can use Access Analyzer for S3 to identify S3 buckets within your zone of trust (Account or Organization) that are shared with external identities.


#GCP   Here's what to know about changes to kubectl authentication coming in GKE v1.25
Starting with GKE v1.25, you will need to download and use a new kubectl plugin called "gke-gcloud-auth-plugin" to authenticate to GKE.


#GCP   Control access to microservices with gRPC and Traffic Director
Traffic Director now supports client authorization for proxyless gRPC services, so you can centrally control gRPC microservice access.


#GCP   Protecting from DNS exfiltration in GCP
Use Cloud DNS in GCP to protect against DNS exfiltration threats.


#AZURE   Now available: CIS benchmarks for Kubernetes
AKS now meets CIS benchmark standards for Kubernetes.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini