Release Date: 03/04/2022 | Issue: 131
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

Why Ransomware Attacks Steer Clear of the Cloud
It seems every day brings news of another ransomware attack, but we haven’t been seeing ransomware attacks in the cloud. Why is that? In his latest Fugue blog post, Josh Stella (chief architect, Snyk) explores why cloud data isn’t an ideal target for ransomware—and what attackers are really after instead.
Read Josh’s blog post: Why Ransomware Attacks Steer Clear of the Cloud

This week's articles

Zero Security Debt for Container Images Is Possible   #containers, #defend
The Chainguard team has released a new whitepaper titled "All About That Base Image", which aims to help software professionals better understand the security debt of popular base images by analyzing the number, severity, and lifetime of vulnerabilities.

Early Security for Startups   #strategy
What should a startup without a security team do for security?

Analyze Okta Log Events with a Falco Plugin   #falco, #iam, #monitor
Post introducing a new plugin created by the Falco Authors to collect Okta Log Events and be able to trigger alerts whenever suspicious events are detected.

Digital Forensics Basics: A Practical Guide for Kubernetes DFIR   #kubernetes, #monitor
Article covering why DFIR for Kubernetes is so important and how to assess your container DFIR capabilities.

Container Registry Security controls you didn't know you needed   #containers, #defend
Some good pointers around basic security controls for container registries.

The Expansion of Malware to the Cloud   #attack
Overview of key threats for cloud environments, with a focus on Linux malware, database malware, malicious cryptomining code, and ransomware.

Hook, Line and Sinker - Pillaging API Webhooks   #attack, #containers
Abusing webhooks to compromise the webhook provider.

Using the Dirty Pipe Vulnerability to Break Out From Containers   #attack, #kubernetes
A proof-of-concept exploit allowing an attacker having compromised a container to escape to the underlying host and gain host-level administrative privileges. The code for the PoC is also available on Github.

New Privilege Escalation Techniques that Might Compromise Your Google Cloud Platform   #attack, #gcp
Some common attack techniques that an attacker can use to exploit your Google Cloud Platform (GCP) environment, gain permissions, and steal information via services like Dataproc, Dataflow, and Composer.

Cloudy with a Chance of Unclear Mailbox Sync: CrowdStrike Services Identifies Logging Inconsistencies in Microsoft 365   #attack, #azure
Multiple investigations and testing by the CrowdStrike Services team identified inconsistencies in Azure AD sign-in logs.


Correlates serviceaccounts, pods and nodes to the permissions granted to them via rolebindings and clusterrolesbindings.

Monitor and detect crashes in your Kubernetes cluster instantly.

Add comments to pull requests where tfsec checks have failed.

Kubernetes mutating webhook to fetch secrets from AWS Secrets Manager.

From the cloud providers

AWS Icon  AWS Organizations now provides a simple, scalable and more secure way to close your member accounts
Today, you can centrally close member accounts in your AWS organization enabling easier and more efficient account management of your AWS environment. This means you're able to close member accounts from your organization's management account without needing to login to each member account individually with root credentials.

AWS Icon  Security practices in AWS multi-tenant SaaS environments
Some identity and security considerations when designing the security for your SaaS apps.

AWS Icon  How Trend Micro uses Amazon S3 Object Lambda to help keep sensitive data secure
How Trend Micro integrated with Amazon S3 Object Lambda to deliver malware scanning as objects are being retrieved from Amazon S3, and how you can use File Storage Security to detect, quarantine, and manage potential malware risk.

AWS Icon  Codify your best practices using service control policies
Find out the fundamental concepts of SCPs, and strategies to implement them.

GCP Icon  Scale and Secure your Cloud Management for Defense Applications
DIU is implementing a secure cloud access solution in a production environment after a successful year-long prototype.

GCP Icon  Add severity levels to your alert policies in Cloud Monitoring
Add static and dynamic severity levels to your alert policies for easier triaging and include these in notifications when sent to 3rd party services.

Azure Icon  General availability: Always Encrypted for Azure Cosmos DB
The Always Encrypted feature brings client-side encryption capabilities to Azure Cosmos DB and allows you to put an extra level of protection on your sensitive data.

Azure Icon  General availability: Azure Bastion native client support
Azure Bastion native client support brings you the ability to connect to target VMs from the command line and log in using your Azure Active Directory credentials.

Sponsor CloudSecList

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
📨 [email protected] 📨

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.