Release Date: 27/03/2022 | Issue: 130
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up
๐Ÿ”ฅ Okta's week in the spotlight ๐Ÿ”ฅ
In the improbable case you missed this, here are some resources to get up to speed with the alleged breach of Okta:

The best lessons come from experience.
7 cybersecurity leaders share their tales

In this exclusive eBook from JupiterOne, seven cybersecurity leaders share their stories of failure and success, roadmaps you can use to improve your cybersecurity programs, and their visions for the future of cybersecurity.
Download your copy of the Modern Cybersecurity eBook

This week's articles

What to look for when reviewing a company's infrastructure   #aws, #azure, #gcp, #kubernetes, #strategy
A comprehensive guide that provides a structured approach to reviewing the security architecture of a multi-cloud SaaS company and finding its most critical components.

How We Discovered Vulnerabilities in CI/CD Pipelines of Popular Open-Source Projects   #attack, #ci/cd
An analysis of several popular open-source projects highlighted a lack of proper input sanitization in GitHub Actions workflows, allowing malicious actors to inject code into the builds through issues and comments, and to access privileged tokens.

NSA, CISA release Kubernetes Hardening Guidance   #defend, #kubernetes
The National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) released a Cybersecurity Technical Report, the Kubernetes Hardening Guidance.

Automagically Auditing GitHub (Actions) Security using OpenSSF Scorecards   #ci/cd, #defend
How to use the OpenSSF Scorecards GitHub Action to audit your GitHub and GitHub Actions configuration, and a breakdown of some of the issues raised by it.

Fantastic AWS Hacks and Where to Find Them   #attack, #aws, #defend
Getting started in AWS security, and how companies are getting hacked on AWS. You can also check a nice interactive mindmap.

Malicious Rego: OPA Supply Chain Attacks   #attack, #opa
Rego is designed to be utilised for a very specific purpose, and thus its standard library is understandably not huge. Despite this, much like Terraform, there are still features which can be leveraged by an attacker for supply-chain attack vectors. If a consumer takes advantage of policies published by a third party, they should be aware of the following.

Google Cloud Storage Explorer: Enumerating Google Cloud's Bucket Access Permissions   #attack, #gcp
The 'Google Cloud Platform Storage Explorer' tool crawls all of your Google Cloud projects and detects which have access to all storage data.

Azure Dominance Paths   #attack, #azure
A comprehensive map of Azure and Azure AD attack paths.

OPA Rego + tfsec: Custom security policies for your infrastructure   #iac, #opa
Recently, tfsec added support for applying Rego policies to your Terraform code. Clear rules can be written against simple data structures, whilst providing the developer with a wealth of information in the event of a failure, such as path, line numbers, and highlighted code snippets.

HashiCorp Vault 1.10 Released   #announcement, #vault
Vault 1.10 adds login MFA support, makes Vault an OIDC provider, adds support for PKI to use HSMs, and more.


Access Undenied parses AWS AccessDenied CloudTrail events, explains the reasons for them, and offers actionable remediation steps. You can also refer to the companion blog post.

The GKE Proof of Concept (PoC) Toolkit is a demo generator for Google Kubernetes Engine.

CRFS is a read-only FUSE filesystem that lets you mount a container image, served directly from a container registry (such as, without pulling it all locally first.

Enterprise-ready Azure Policy-as-Code (PaC) solution (includes Az DevOps pipeline).

From the cloud providers

AWS Icon  How to Audit and Report S3 Prefix Level Access Using S3 Access Analyzer
To reduce risk and unintended access, you can use Access Analyzer for S3 to identify S3 buckets within your zone of trust (Account or Organization) that are shared with external identities.

AWS Icon  How to automate AWS Managed Microsoft AD scaling based on utilization metrics
How to automate scaling in AWS Managed Microsoft AD using utilization metrics from your directory, which can cost-effectively improve resilience & performance of your directory.

AWS Icon  How to use AWS Security Hub and Amazon OpenSearch Service for SIEM
How you can use Security Hub with a SIEM to store findings for longer than 90 days, aggregate findings across multiple administrator accounts, and correlate Security Hub findings with each other and other log sources.

GCP Icon  Federated workload identity at scale made easy with CA Service
Google Cloud Certificate Authority Service has a simple solution for your workload certificate needs across cloud and on-premises environments.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐Ÿ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
ยฉ 2019-present, CloudSecList by Marco Lancini.