Release Date: 10/04/2022 | Issue: 132
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up
AWS Lambda Function URLs are here 😱
Amazon just announced Lambda Function URLs, a new feature that lets you add HTTPS endpoints to any Lambda function.
Here are some pointers to get you started:If you are a security professional, you might want to keep an eye on this feature.

Live Webinar with Latha Maripuri, CISO at Uber and Erkang Zheng, CEO at JupiterOne
Join cybersecurity leaders Latha Maripuri and Erkang Zheng as they discuss novel ways to attract, train, and retain talent as well as modern approaches to the security tech stack. In "The Modern Take on Security Skills Scarcity and the Technology Landscape", they'll address a number of key challenges security leaders face, including when you should build vs. buy, hiring, succession planning, and more.
Save your seat

This week's articles

Improving software supply chain security with tamper-proof builds   #build, #ci/cd, #supply-chain
A reference implementation for achieving SLSA 3 and creating non-forgeable build provenance using only free tooling on GitHub Actions.

Monocle: How Chime creates a proactive security & engineering culture   #defend, #strategy
Insightful article from the Chime security team, explaining how to choose where to prioritize investments in security, and how to empower engineers and teams to independently improve the security posture of their code.

Incident report: From CLI to console, chasing an attacker in AWS   #aws, #monitor
How the Expel team detected and stopped an unauthorized access in one AWS environment.   #containers, #explain, #kubernetes
Materials (slides, scripts, demo app, and other code samples) used for various workshops, tutorials, and training sessions around the themes of Docker, containers, and orchestration. Developed by @jpetazzo.

Kubernetes Admission Webhooks illustrated   #explain, #kubernetes
A handy illustration which explains how Kubernetes Admission Webhooks work.

Using SemGrep to find security issues and misconfigurations in AWS Cloud Development Kit projects   #build, #iac
How to write Semgrep rules to find issues directly in AWS CDK code.

Kubernetes RBAC: How to Avoid Privilege Escalation via Certificate Signing   #attack, #kubernetes
How users who have rights to the certificate signing request (CSR) API in Kubernetes might be able to use them to escalate their privileges in a cluster.

Denonia: The First Malware Specifically Targeting Lambda   #attack, #aws
The malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls.

Azure Active Directory Exposes Internal Information   #attack, #azure
The first issue allows anyone to query the directory synchronization status. The second issue could reveal internal information about the target Azure AD tenant, including the technical contact's full name and phone number.

Kubernetes Removals and Deprecations In 1.24   #announcement, #kubernetes
The Kubernetes 1.24 release will deprecate several (beta) APIs in favor of stable versions of the same APIs. The major change coming in the Kubernetes 1.24 release is the removal of Dockershim.


Performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment.

Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services.

Distributed tcpdump for cloud native environments. You can also refer to the companion blog post.

A Microservices-based framework for the study of Network Security and Penetration Test techniques.

Get eBPF programs running from the cloud to the kernel in 1 line of bash.

Job Advert

Doyensec is an independent security research and development company focused on vulnerability discovery and remediation. We love what we do and we routinely take on difficult engineering challenges to help our customers build with security.
We are looking for a Cloud Security Engineer to join our team. We need someone who has a strong interest in auditing and researching cloud platforms and containerized environments.
More details:

From the cloud providers

AWS Icon  Announcing AWS Lambda Function URLs
Amazon announced the general availability of Lambda Function URLs, a new feature that lets you add HTTPS endpoints to any Lambda function and optionally configure Cross-Origin Resource Sharing (CORS) headers.

AWS Icon  Journey to Adopt Cloud-Native Architecture Series #5 - Enhancing Threat Detection, Data Protection, and Incident Response
An example of how to detect security misconfigurations, indicators of compromise, and other anomalous activity.

GCP Icon  Application observability made easier for Compute Engine
Get started with application observability using the Ops Agent integrations UI for monitoring and logging 3rd party applications on Compute Engine.

GCP Icon  Best practices for secure data warehouse in Google Cloud
Introducing a new security blueprint that helps enterprises build a secure data warehouse.

GCP Icon  Standardize traffic management: Service Directory and Traffic Director
A preview of the new Service Directory and Traffic Director integration, and how it will allow you to set up load balancing and traffic management on services in a consistent way across heterogeneous and evolving infrastructure.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.