Release Date: 29/05/2022 | Issue: 139
CloudSecList is a weekly newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand curated by Marco Lancini.
Sponsor

JupiterOne: Cyber asset context and visibility for the cloud
As companies expand to the cloud, asset visibility worsens. The JupiterOne Cyber Asset Management Platform helps you get it back.
Answer complex security and infrastructure questions, understand the contextual relationships between assets, and build the foundation for your security program with JupiterOne. Get started with your free account or meet us at RSA!

This week's articles


Kubernetes Privilege Escalation: Excessive Permissions in Popular Platforms
#attack, #kubernetes
An analysis revealed that in 62.5% of the Kubernetes platforms reviewed, privileged DaemonSets distributed powerful credentials across every node in the cluster. As a result, in 50% of platforms, a single container escape was enough to compromise the entire cluster.


A Look Into Public Clouds From the Ransomware Actor's Perspective
#attack, #aws, #azure, #gcp
Article exploring how ransomware threat actors might operate in cloud environments, and what approaches they might use to attack and impact resources in public clouds.


Tetragone: A Lesson in Security Fundamentals
#attack, #containers
A journey through a bypass of a new eBPF-based observability and mitigation tool named Tetragon, developed in the two hours after the tool was first set up, as a hopefully instructive lesson on the importance of security fundamentals.


Automating Azure Abuse Research
#attack, #azure
A step-by-step process for automating Azure abuse research, with examples for Azure Virtual Machines and their Managed Identities.


How to Think about Threat Detection in the Cloud
#monitor, #strategy
A foundational framework for thinking about threat detection in public cloud computing.


A Review of the AWS Security Model
#aws, #defend, #strategy
AWS have released their own security maturity model, but does it stack up against what we're seeing in real-world attacks and in the approaches being suggested by the rest of the AWS security community?


rego-style-guide
A much needed style guide providing a collection of recommendations and best practices for authoring Rego.


Terraform Best Practices for Better Infrastructure Management
#build, #iac, #terraform
Post which explores different best practices for Terraform and Infrastructure as Code, analyzes various options for handling and structuring Terraform projects, and shows how adopting helper tools could make our life easier.


Secure Your Docker Images With Cosign (and OPA Gatekeeper)
#defend, #kubernetes
How combining Gatekeeper + Cosign for image signature validation with the new external_data feature lets you stop untrusted images from being deployed on your Kubernetes cluster.

Tools


rbac-police
Evaluate the RBAC permissions of serviceaccounts, pods and nodes in Kubernetes clusters through policies written in Rego.


graphql-open-policy-agent
Using OpenPolicyAgent to implement Field-level Authorization in GraphQL.


kubeaudit
kubeaudit helps you audit your Kubernetes clusters against common security controls.


kubectl-node-shell
Exec into a node via kubectl.

Sponsor

Control Your Identities to Secure Your Cloud
Companies are struggling to scale their cloud securely, in large part due to the complexities of identity management. In fact, nearly 80% of decision-makers surveyed note that the increase in cloud migrations is requiring a new set of security solutions to tackle this problem.
Join us on June 2, 2022 at 1:00 PM ET for a discussion about a new Forrester study commissioned by Sonrai and AWS, “Identity Controls & Cloud Scalability: Closing the Gap to Secure Your Cloud.” This event is hosted by Sandy Bird, CTO and cofounder of Sonrai Security, and features guests from AWS and Forrester.
Register Now

From the cloud providers


AWS Icon  AWS Startup Security Baseline (AWS SSB)
This guide provides a comprehensive set of controls for startups that want to establish a strong security foundation in the AWS Cloud.


AWS Icon  AWS Network Firewall now supports AWS Managed Threat Signatures
AWS Network Firewall now supports AWS Managed Threat Signatures to detect threats and block attacks against known vulnerabilities so you can stay up to date on the latest security threats without writing and maintaining your own rules.


AWS Icon  Build a strong identity foundation that uses your existing on-premises Active Directory
How to use your existing Microsoft Active Directory (AD) to reliably authenticate access to AWS accounts, infrastructure running on AWS, and third-party applications.


GCP Icon  Extending Chrome's Security Insights to Google Workspace and Google Cloud
Google announced the Chrome Enterprise Connectors Framework, a new way to integrate Chrome browser with Google Workspace and other Cloud products, including Google Cloud Pub/Sub, Chronicle, BeyondCorp Enterprise, and Chrome Browser Cloud Management.


GCP Icon  Enterprise DevOps Guidebook - Chapter 1
How to implement DORA best practices with Google's DevOps Enterprise Guidebook.


GCP Icon  Introducing Network Analyzer: One stop shop to detect service and network issues
Network Analyzer auto-detects failures caused by the underlying network, surfaces root cause analyses, and suggests best practices to improve the availability, performance, and security of services.


Azure Icon  Azure Key Vault secrets provider extension for Arc enabled Kubernetes clusters
Microsoft announced the GA of Azure Key Vault Secrets Provider extension for Arc enabled Kubernetes clusters. This is a Microsoft managed extension that allows you to get secret contents stored in an Azure Key Vault instance and mount them into Kubernetes pods of your Azure Arc enabled Kubernetes clusters.

Thanks for reading!

If you found this newsletter useful and interesting, and know other people who would too, I'd really appreciate if you could forward it to them 📨

If you have questions, comments, or feedback, just reply to this email or let me know on Twitter @lancinimarco!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share
Website
Twitter
View this email in your browser © 2019-present, CloudSecList by SecurityBite LTD.
Created by Marco Lancini.