Release Date: 10/04/2022 | Issue: 132
The Cloud Security Reading List is a low volume newsletter (delivered once per week) that highlights security-related news focused on the cloud native landscape, hand curated by Marco Lancini.
AWS Lambda Function URLs are here 😱
Amazon just announced Lambda Function URLs, a new feature that lets you add HTTPS endpoints to any Lambda function.
Here are some pointers to get you started:
If you are a security professional, you might want to keep an eye on this feature.
Sponsor

Live Webinar with Latha Maripuri, CISO at Uber and Erkang Zheng, CEO at JupiterOne
Join cybersecurity leaders Latha Maripuri and Erkang Zheng as they discuss novel ways to attract, train, and retain talent as well as modern approaches to the security tech stack. In "The Modern Take on Security Skills Scarcity and the Technology Landscape", they'll address a number of key challenges security leaders face, including when you should build vs. buy, hiring, succession planning, and more.
Save your seat

This week's articles


Improving software supply chain security with tamper-proof builds
#build, #ci/cd, #supply-chain
A reference implementation for achieving SLSA 3 and creating non-forgeable build provenance using only free tooling on GitHub Actions.


Monocle: How Chime creates a proactive security & engineering culture
#defend, #strategy
Insightful article from the Chime security team, explaining how to choose where to prioritize investments in security, and how to empower engineers and teams to independently improve the security posture of their code.


Incident report: From CLI to console, chasing an attacker in AWS
#aws, #monitor
How the Expel team detected and stopped an unauthorized access in one AWS environment.


container.training
#containers, #explain, #kubernetes
Materials (slides, scripts, demo app, and other code samples) used for various workshops, tutorials, and training sessions around the themes of Docker, containers, and orchestration. Developed by @jpetazzo.


Kubernetes Admission Webhooks illustrated
#explain, #kubernetes
A handy illustration which explains how Kubernetes Admission Webhooks work.


Using SemGrep to find security issues and misconfigurations in AWS Cloud Development Kit projects
#build, #iac
How to write Semgrep rules to find issues directly in AWS CDK code.


Kubernetes RBAC: How to Avoid Privilege Escalation via Certificate Signing
#attack, #kubernetes
How users who have rights to the certificate signing request (CSR) API in Kubernetes might be able to use them to escalate their privileges in a cluster.


Denonia: The First Malware Specifically Targeting Lambda
#attack, #aws
The malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls.


Azure Active Directory Exposes Internal Information
#attack, #azure
The first issue allows anyone to query the directory synchronization status. The second issue could reveal internal information about the target Azure AD tenant, including the technical contact's full name and phone number.


Kubernetes Removals and Deprecations In 1.24
#announcement, #kubernetes
The Kubernetes 1.24 release will deprecate several (beta) APIs in favor of stable versions of the same APIs. The major change coming in the Kubernetes 1.24 release is the removal of Dockershim.

Tools


stackrox
Performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment.


git-credential-manager
Secure, cross-platform Git credential storage with authentication to GitHub, Azure Repos, and other popular Git hosting services.


PacketStreamer
Distributed tcpdump for cloud native environments. You can also refer to the companion blog post.


DSP
A microservices-based framework for the study of network security and penetration testing techniques.


bumblebee
Get eBPF programs running from the cloud to the kernel in 1 line of bash.

Job Advert

Doyensec is an independent security research and development company focused on vulnerability discovery and remediation. We love what we do and we routinely take on difficult engineering challenges to help our customers build with security.
We are looking for a Cloud Security Engineer to join our team. We need someone who has a strong interest in auditing and researching cloud platforms and containerized environments.
More details: https://www.careers-page.com/doyensec-llc/job/L8X354RV

From the cloud providers


AWS: Announcing AWS Lambda Function URLs
Amazon announced the general availability of Lambda Function URLs, a new feature that lets you add HTTPS endpoints to any Lambda function and optionally configure Cross-Origin Resource Sharing (CORS) headers.


AWS: Journey to Adopt Cloud-Native Architecture Series #5 - Enhancing Threat Detection, Data Protection, and Incident Response
An example of how to detect security misconfigurations, indicators of compromise, and other anomalous activity.


GCP: Application observability made easier for Compute Engine
Get started with application observability using the Ops Agent integrations UI for monitoring and logging 3rd party applications on Compute Engine.


GCP: Best practices for secure data warehouse in Google Cloud
Introducing a new security blueprint that helps enterprises build a secure data warehouse.


GCP: Standardize traffic management: Service Directory and Traffic Director
A preview of the new Service Directory and Traffic Director integration, and how it will allow you to set up load balancing and traffic management on services in a consistent way across heterogeneous and evolving infrastructure.

Thanks for reading!

If you found this newsletter useful and interesting, and know other people who would too, I'd really appreciate it if you could forward it to them 📨

If you have questions, comments, or feedback, just reply to this email or let me know on Twitter @lancinimarco!

Thanks,
Marco
© 2019-present The Cloud Security Reading List by SecurityBite LTD.