Release Date: 17/04/2022 | Issue: 133
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor
The growing problem of secrets sprawling in corporate repositories
Credentials are a nightmare for security engineers because they can end up in so many places: build, monitoring, or runtime logs, stack traces, and … git history.
“Secrets detection is a very essential part of security. It’s one of the basics that you need to cover all the time. Otherwise, you’re going to expose your endpoints online and you’re going to suffer endless attacks. When it comes to application development, secrets detection is essential to a security program. You need to have it. Otherwise, you’ll fail.” — Abbas Haidar, Head of InfoSec
Download the Report, it’s Ungated!
A role trust policy that trusts a specific principal suggests that only that source principal has access to the role. It does not, however, control access to that source principal, so the policy can seem to limit access when it may not.
#aws #explain #iam
Self-paced course to learn fundamental AWS cloud security concepts, including AWS access control, data encryption methods, and how network access to your AWS infrastructure can be secured.
#aws #explain
Lightspin's Research Team obtained credentials to an internal AWS service by exploiting a local file read vulnerability on the RDS EC2 instance using the log_fdw extension.
#attack #aws
The NetSPI team recently discovered a set of issues that allows any Azure user with the Subscription Reader role to dump saved credentials and certificates from Automation Accounts. In cases where Run As accounts were used, this allowed for a Reader to Contributor privilege escalation path.
#attack #azure
Sponsor
Securing Containers and Cloud for Dummies
Trying to Make Sense of Cloud and Container Security? Developing and operating securely in the cloud requires addressing blind spots across multi-cloud infrastructure. Read this comprehensive eBook to help demystify complex cloud topics to secure your cloud and containers.
Access Now
How to pass calls to Amazon Cognito through a lightweight proxy. This pattern allows you to augment identity flows in your system with additional processing without having to change the client or the backend.
How to automatically resolve AWS Security Hub findings for previously deleted AWS resources. By using an event-driven solution, you can automatically resolve findings for AWS and third-party service integrations.
Private endpoints enable clients on an Azure virtual network to securely access Azure Static Web Apps through an IP address in the virtual network's address space over a private link.
Azure Monitoring Agent (AMA) is a native way to collect log files for Log Analytics. This new custom and IIS log capability is designed for you to collect text-based logs generated in your service or application.