Release Date: 20/03/2022 | Issue: 129
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up
Sponsor

JupiterOne: Context and visibility into your entire cloud asset attack surface
As companies expand to the cloud, asset visibility worsens. The JupiterOne Cyber Asset Management Platform helps you get it back. JupiterOne provides context, understanding and visibility into your entire cyber asset attack surface.
With over 150 integrations including AWS, Google Cloud, Azure, and more, JupiterOne helps you answer complex security and infrastructure questions, understand the contextual relationships between assets, and build the foundation for your security program.
Try it for yourself. Get started with your free JupiterOne account today.

This week's articles


Top10 CI/CD Security Risks   #ci/cd, #defend
A document which helps defenders identify focus areas for securing their CI/CD ecosystem. It is the result of extensive research into attack vectors associated with CI/CD, and the analysis of high profile breaches and security flaws.


Why Step Functions is the Best AWS Service You Are Not Using   #aws, #defend
Using Serverless AWS Step Functions To Accelerate FedRAMP Moderate ATO.


ClickOops   #aws, #monitor
A simple Lambda that monitors your CloudTrail log files to find manual actions taken in your accounts.


4 supply chain risks in Terraform and how to prevent them with Checkov   #defend, #terraform
How to prevent Terraform supply chain weaknesses across code and delivery pipelines with Checkov.


Secure your software supply chain using Sigstore and GitHub actions   #ci/cd, #containers, #defend
How to secure your software supply chain by applying some SLSA requirements in your GitHub actions workflows.


Automated Incident Response and Forensics Framework   #aws, #monitor
A framework which aims to facilitate automated steps for incident response and forensics based on the AWS Incident Response White Paper.


A goat in the boat: a look at how Defender for Containers protects your clusters   #azure, #containers, #defend, #kubernetes
Article exploring and testing Defender for Containers against a vulnerable environment and see what it can detect or prevent.


CVE-2022-0811: CRI-O Vulnerability Could Allow Container Escape   #attack, #defend, #kubernetes, #opa
How to use Kyverno and OPA to mitigate CVE-2022-0811, a new CRI-O vulnerability which allows a container escape.


Abusing Azure Hybrid Workers for Privilege Escalation   #attack, #azure
Azure Hybrid Workers can be configured to use Automation Account "Run as" accounts, which can expose the credentials to anyone with local administrator access to the Hybrid Worker. Since "Run as" accounts are typically subscription contributors, this can lead to privilege escalation from multiple Azure Role-Based Access Control (RBAC) roles.

Tools


iamfast
A VS Code plug-in that generates AWS IAM policies from your code.


GCP Lateral Movement Detector
Iterate through all the available projects in your GCP Organization and find those Compute Engine Instances that can access other instances.


sansshell
A non-interactive daemon for host management. You can also refer to the companion blog post.


x509-certificate-exporter
A Prometheus exporter to monitor x509 certificates expiration in Kubernetes clusters or standalone.


leapp
Leapp is the DevTool to access your cloud.


From the cloud providers


AWS Icon  AWS Lambda announces support for PrincipalOrgID in resource-based policies
AWS Lambda now supports the aws:PrincipalOrgID condition key in resource-based policies. Customers can use resource-based policies for Lambda functions including specific version or alias to grant usage permissions for other AWS accounts or AWS services.


AWS Icon  How to set up IAM federation using Google Workspace
How to configure federation with Google Workspace if you are using AWS IAM federation.


AWS Icon  Streamlining evidence collection with AWS Audit Manager
How to deploy a solution into your AWS account that enables you to simply attach manual evidence to controls using AWS Audit Manager.


GCP Icon  Introducing Community Security Analytics
Introducing Community Security Analytics, an open-source repository of queries for self-service security analytics to help you get started analyzing your Google Cloud logs and detecting potential threats to your workloads & data.


Azure Icon  Secure your APIs with Private Link support for Azure API Management
Microsoft announced the preview of Azure Private Link support for Azure API Management service. With Azure Private Link we can create a private endpoint for the gateway component, which will be exposed through a private IP within your virtual network.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.