This week's articles
Zero Maintenance AWS Canary Tokens That Scale
#aws, #monitor
By utilizing temporary credentials (credentials returned as the result of the AssumeRole operation) as honeytokens, we can deploy a honeytoken approach that scales with our environment, utilize existing detection mechanisms (CloudTrail alerting), and remove the need to run a set of infrastructure dedicated to managing IAM Users.
Learning from AWS Customer Security Incidents [2022]
#attack, #aws, #defend
Slides of a talk discussing the public catalog of AWS Customer Security Incidents, covering over twenty different public breaches. It walks through the technical details of these attacks, establishes the common root causes, looks at lessons learned, and shows how you can proactively secure your environment against these real-world risks.
Plain Kubernetes Secrets are fine
#defend, #kubernetes
By creating a threat model that includes the kinds of attacks you want to mitigate, it's clear that managing secrets safely is extremely difficult. The problem is NOT that secrets are just base64 encoded; that was never meant as a security feature. And the problem cannot be simply waved away by software/cloud providers and their flashy documentation.
Introducing Envoy Gateway
#announcement
The announcement of Envoy Gateway, a new member of the Envoy Proxy family aimed at significantly decreasing the barrier to entry when using Envoy for API Gateway (sometimes known as “north-south”) use cases.
Tools
Trivy now scans Kubernetes
Trivy can now scan Kubernetes clusters. It reports vulnerabilities and misconfigurations when scanning a full cluster, a namespace, or a single resource.
kush
A Kubernetes shell that allows you to escape to the host while obfuscating itself from the API server.
ratchet
A tool for securing CI/CD workflows with version pinning.
kubectl-ice
A kubectl plugin that lets you see the running configuration of all containers that are running inside pods.
Sponsor
99% of cloud identities are granted excessive permissions that are left unused. This and other shocking findings are part of new research from Unit 42, Palo Alto Networks’ global threat intelligence arm. Poor identity and access management (IAM) leaves the door open for malicious actors to target your organization. In their latest report, Unit 42 compiled an industry-first Cloud Threat Actor Index charting the cloud-specific TTPs used to target cloud infrastructure. Get your copy now to learn who attacks cloud infrastructure and how they do it, as well as why proper IAM is your first line of defense and how to implement it. Short on time? Get the executive summary.
From the cloud providers
Choosing the right certificate revocation method in ACM Private CA
Post covering the two fully managed certificate revocation status checking mechanisms provided by ACM PCA: the Online Certificate Status Protocol (OCSP) and certificate revocation lists (CRLs). Both OCSP and CRLs let you control how services and clients are notified about ACM PCA-issued certificates that you revoke.
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌 If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco