Release Date: 10/04/2022 | Issue: 132

CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:

AWS Lambda Function URLs are here 😱
Amazon just announced Lambda Function URLs, a new feature that lets you add HTTPS endpoints to any Lambda function.
Here are some pointers to get you started:

This Lumigo's post describing what function URLs are, and how they work
Function URLs that are shared with external identities are reported as findings in IAM Access Analyzer
This might open new exploitation avenues (see the Denonia post below)

If you are a security professional, you might want to keep an eye on this feature.

Sponsor

Live Webinar with Latha Maripuri, CISO at Uber and Erkang Zheng, CEO at JupiterOne
Join cybersecurity leaders Latha Maripuri and Erkang Zheng as they discuss novel ways to attract, train, and retain talent as well as modern approaches to the security tech stack. In "The Modern Take on Security Skills Scarcity and the Technology Landscape", they'll address a number of key challenges security leaders face, including when you should build vs. buy, hiring, succession planning, and more.
Save your seat

This week's articles

Improving software supply chain security with tamper-proof builds #build, #ci/cd, #supply-chain

A reference implementation for achieving SLSA 3 and creating non-forgeable build provenance using only free tooling on GitHub Actions.

Monocle: How Chime creates a proactive security & engineering culture #defend, #strategy

Insightful article from the Chime security team, explaining how to choose where to prioritize investments in security, and how to empower engineers and teams to independently improve the security posture of their code.

Incident report: From CLI to console, chasing an attacker in AWS #aws, #monitor

How the Expel team detected and stopped an unauthorized access in one AWS environment.

container.training #containers, #explain, #kubernetes

Materials (slides, scripts, demo app, and other code samples) used for various workshops, tutorials, and training sessions around the themes of Docker, containers, and orchestration. Developed by @jpetazzo.

Kubernetes Admission Webhooks illustrated #explain, #kubernetes

A handy illustration which explains how Kubernetes Admission Webhooks work.

Using SemGrep to find security issues and misconfigurations in AWS Cloud Development Kit projects #build, #iac

How to write Semgrep rules to find issues directly in AWS CDK code.

Kubernetes RBAC: How to Avoid Privilege Escalation via Certificate Signing #attack, #kubernetes

How users who have rights to the certificate signing request (CSR) API in Kubernetes might be able to use them to escalate their privileges in a cluster.

Denonia: The First Malware Specifically Targeting Lambda #attack, #aws

The malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls.

Azure Active Directory Exposes Internal Information #attack, #azure

The first issue allows anyone to query the directory synchronization status. The second issue could reveal internal information about the target Azure AD tenant, including the technical contact's full name and phone number.

Kubernetes Removals and Deprecations In 1.24 #announcement, #kubernetes

The Kubernetes 1.24 release will deprecate several (beta) APIs in favor of stable versions of the same APIs. The major change coming in the Kubernetes 1.24 release is the removal of Dockershim.

Tools

stackrox

Performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment.

git-credential-manager

Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services.

PacketStreamer

Distributed tcpdump for cloud native environments. You can also refer to the companion blog post.

DSP

A Microservices-based framework for the study of Network Security and Penetration Test techniques.

bumblebee

Get eBPF programs running from the cloud to the kernel in 1 line of bash.

Job Advert

Doyensec is an independent security research and development company focused on vulnerability discovery and remediation. We love what we do and we routinely take on difficult engineering challenges to help our customers build with security.
We are looking for a Cloud Security Engineer to join our team. We need someone who has a strong interest in auditing and researching cloud platforms and containerized environments.
More details: https://www.careers-page.com/doyensec-llc/job/L8X354RV

From the cloud providers

Announcing AWS Lambda Function URLs

Amazon announced the general availability of Lambda Function URLs, a new feature that lets you add HTTPS endpoints to any Lambda function and optionally configure Cross-Origin Resource Sharing (CORS) headers.

Journey to Adopt Cloud-Native Architecture Series #5 - Enhancing Threat Detection, Data Protection, and Incident Response

An example of how to detect security misconfigurations, indicators of compromise, and other anomalous activity.

Application observability made easier for Compute Engine

Get started with application observability using the Ops Agent integrations UI for monitoring and logging 3rd party applications on Compute Engine.

Best practices for secure data warehouse in Google Cloud

Introducing a new security blueprint that helps enterprises build a secure data warehouse.

Standardize traffic management: Service Directory and Traffic Director

A preview of the new Service Directory and Traffic Director integration, and how it will allow you to set up load balancing and traffic management on services in a consistent way across heterogeneous and evolving infrastructure.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco

Forward

This week's articles

Tools

From the cloud providers

Thanks for reading!

How did you like this issue of CloudSecList?

1 2 3 4 5