Release Date: 03/04/2022 | Issue: 131
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Why Ransomware Attacks Steer Clear of the Cloud
It seems every day brings news of another ransomware attack, but we haven’t been seeing ransomware attacks in the cloud. Why is that? In his latest Fugue blog post, Josh Stella (chief architect, Snyk) explores why cloud data isn’t an ideal target for ransomware—and what attackers are really after instead.
Read Josh’s blog post: Why Ransomware Attacks Steer Clear of the Cloud

This week's articles


Zero Security Debt for Container Images Is Possible
The Chainguard team has released a new whitepaper titled "All About That Base Image", which aims to help software professionals better understand the security debt of popular base images by analyzing the number, severity, and lifetime of vulnerabilities.   #containers   #defend


Early Security for Startups
What should a startup without a security team do for security?   #strategy


Analyze Okta Log Events with a Falco Plugin
Post introducing a new plugin created by the Falco Authors to collect Okta Log Events and trigger alerts whenever suspicious events are detected.   #falco   #iam   #monitor


Digital Forensics Basics: A Practical Guide for Kubernetes DFIR
Article covering why DFIR for Kubernetes is so important and how to assess your container DFIR capabilities.   #kubernetes   #monitor


Container Registry Security controls you didn't know you needed
Some good pointers around basic security controls for container registries.   #containers   #defend


The Expansion of Malware to the Cloud
Overview of key threats for cloud environments, with a focus on Linux malware, database malware, malicious cryptomining code, and ransomware.   #attack


Hook, Line and Sinker - Pillaging API Webhooks
Abusing webhooks to compromise the webhook provider.   #attack   #containers


Using the Dirty Pipe Vulnerability to Break Out From Containers
A proof-of-concept exploit that lets an attacker who has compromised a container escape to the underlying host and gain host-level administrative privileges. The code for the PoC is also available on GitHub.   #attack   #kubernetes


New Privilege Escalation Techniques that Might Compromise Your Google Cloud Platform
Some common attack techniques that an attacker can use to exploit your Google Cloud Platform (GCP) environment, gain permissions, and steal information via services like Dataproc, Dataflow, and Composer.   #attack   #gcp


Cloudy with a Chance of Unclear Mailbox Sync: CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365
Multiple investigations and testing by the CrowdStrike Services team identified inconsistencies in Azure AD sign-in logs.   #attack   #azure

Tools


sa-hunter
Correlates serviceaccounts, pods and nodes to the permissions granted to them via rolebindings and clusterrolebindings.


kwatch
Monitor and detect crashes in your Kubernetes cluster instantly.


tfsec-pr-commenter-action
Add comments to pull requests where tfsec checks have failed.


aws-secret-sidecar-injector
Kubernetes mutating webhook to fetch secrets from AWS Secrets Manager.

From the cloud providers


#AWS   AWS Organizations now provides a simple, scalable and more secure way to close your member accounts
Today, you can centrally close member accounts in your AWS organization, enabling easier and more efficient account management of your AWS environment. This means you're able to close member accounts from your organization's management account without needing to log in to each member account individually with root credentials.


#AWS   Security practices in AWS multi-tenant SaaS environments
Some identity and security considerations when designing the security for your SaaS apps.


#AWS   How Trend Micro uses Amazon S3 Object Lambda to help keep sensitive data secure
How Trend Micro integrated with Amazon S3 Object Lambda to deliver malware scanning as objects are being retrieved from Amazon S3, and how you can use File Storage Security to detect, quarantine, and manage potential malware risk.


#AWS   Codify your best practices using service control policies
Find out the fundamental concepts of SCPs, and strategies to implement them.


#GCP   Scale and Secure your Cloud Management for Defense Applications
DIU is implementing a secure cloud access solution in a production environment after a successful year-long prototype.


#GCP   Add severity levels to your alert policies in Cloud Monitoring
Add static and dynamic severity levels to your alert policies for easier triaging and include these in notifications when sent to 3rd party services.


#AZURE   General availability: Always Encrypted for Azure Cosmos DB
The Always Encrypted feature brings client-side encryption capabilities to Azure Cosmos DB and allows you to put an extra level of protection on your sensitive data.


#AZURE   General availability: Azure Bastion native client support
Azure Bastion native client support brings you the ability to connect to target VMs from the command line and log in using your Azure Active Directory credentials.


Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini