Release Date: 05/06/2022 | Issue: 140
CloudSecList is a weekly newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand curated by Marco Lancini.
Sponsor

Seven Ways to Avoid the Nightmare of a Cloud Misconfiguration Attack
Cloud security is focused on preventing and eliminating misconfiguration mistakes before hackers can exploit them. But every major cloud breach involves not only resource misconfigurations, but a blast radius of actions the attacker takes once they’ve penetrated an environment.
In Seven Ways to Avoid the Nightmare of a Cloud Misconfiguration Attack, Snyk and Fugue explore how hackers operate and provide seven strategic recommendations to help your organization avoid disaster.

This week's articles


Terraform as part of the software supply chain
#attack, #supply-chain, #terraform
Post examining the supply chain aspects of Terraform, starting with a closer look at malicious Terraform modules and providers and how you can better secure them.


Democratizing Security Detection
#defend, #monitor, #strategy
Security detection programs face significant scaling challenges. This post shares Palantir's learnings and suggests actionable detection strategies.


Purpose-based access controls at Palantir
#defend, #design
Tracking who has access to what information and why, across thousands of datasets and users, is an intractable challenge. Here's how Palantir solved it.


The State of Secrets Sprawl 2022
#ci/cd, #supply-chain
The 2022 State of Secrets Sprawl report measures the exposure of secrets within GitHub, Docker and internal repos and how it is evolving year to year.


How to use Atomic Red Team to test Falco rules in K8s
#defend, #kubernetes
How to install and run the Atomic Red Team environment on a Kubernetes system for testing Falco rules.


The Hitchhiker's Guide to Pod Security
#defend, #kubernetes
Presentation covering the key concepts of Pod Security and how to use it, walking through practical examples.


Dockerfile best practices
#build, #containers, #explain
Dockerfile best-practices for writing production-worthy Docker images.


Securing Cloud Services against Squatting Attacks
#aws, #azure, #defend, #gcp
Post discussing the root causes of cloud squatting from an IT practitioner's perspective, and demonstrating the steps companies can take to harden their infrastructure against it.


Dealing with Multiple SBOMs
#build, #supply-chain
SBOMs do not need to look the same to validate the artifacts described in them. As long as the data inside is correct, you should be able to validate the artifacts from any of them.


Control traffic flow in your Kubernetes Cluster using Network Policies
#defend, #kubernetes
How to run your application in a production environment and control traffic flow in your Kubernetes cluster using network policies.

Tools


squyre
Easy alert enrichment for overworked security teams. You can also refer to the companion blog post.


AWS-Threat-Simulation-and-Detection
Playing around with Stratus Red Team (a cloud attack simulation tool) and SumoLogic.


stratus-red-team v2.0.0
Stratus Red Team now supports Azure!


ssenv
Exit if environment variables known to be used as access tokens are set.

Sponsor

Gaining control of your human and non-human identities is critical to successfully scaling and securing your cloud
In research Sonrai and AWS recently commissioned from Forrester, 154 IT decision makers in North America were asked which aspects of cloud security they find most challenging, and identity management issues were top of the list.
Download the report to learn more

From the cloud providers


AWS: Monitoring and alerting break-glass access in an AWS Organization
Article describing the integrations required across AWS Control Tower and AWS SSO to implement a break-glass mechanism that makes access reporting publishable to system operators as well as to internal audit systems and processes.


AWS: How to use AWS KMS RSA keys for offline encryption
How to use AWS Key Management Service (AWS KMS) RSA public keys on end clients or devices to encrypt data, and then decrypt that data with the private keys, which never leave AWS KMS.


AWS: When and where to use IAM permissions boundaries
Permissions boundaries are an IAM feature that helps centralized cloud IAM teams safely empower application developers to create new IAM roles and policies in AWS: a boundary caps the maximum permissions a role can have, whatever its identity policies grant.
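To make the "cap" concrete, here is an added example (not code from the AWS post) of how a boundary changes the evaluation outcome. It is a deliberately simplified model of IAM policy evaluation: an action is allowed for a role only if its identity policy allows it and the attached boundary also allows it, and an explicit Deny in either wins. Resource ARNs, Condition blocks, SCPs and session policies are ignored, and the two policy documents are constructed for illustration.

```python
"""Effective permissions under an IAM permissions boundary (simplified model).

Added example, not code from the AWS post. It models only what a boundary
changes: a role may perform an action only if its identity policy allows it
AND the boundary allows it, and an explicit Deny in either wins. Resource
ARNs, Condition blocks, SCPs and session policies are deliberately ignored.
"""
from fnmatch import fnmatchcase

# Constructed boundary a central IAM team might hand to developers: workloads
# may use S3, DynamoDB and CloudWatch Logs, but never delete S3 data.
DEVELOPER_BOUNDARY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "dynamodb:*", "logs:*"], "Resource": "*"},
        {"Effect": "Deny", "Action": "s3:Delete*", "Resource": "*"},
    ],
}

# Constructed identity policy a developer attached to a new role; it over-reaches.
DEV_ROLE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": ["s3:*", "dynamodb:PutItem", "iam:CreateUser"], "Resource": "*"},
    ],
}


def _as_list(value):
    return [value] if isinstance(value, str) else list(value)


def policy_decision(policy, action):
    """Return "Deny", "Allow" or None (implicit deny) for one policy document.
    Action matching is case-insensitive and honours the "*" wildcard, as IAM does."""
    decision = None
    for stmt in policy["Statement"]:
        patterns = _as_list(stmt["Action"])
        if any(fnmatchcase(action.lower(), p.lower()) for p in patterns):
            if stmt["Effect"] == "Deny":
                return "Deny"  # an explicit deny always wins
            decision = "Allow"
    return decision


def is_allowed(identity_policy, action, boundary=None):
    """Apply the boundary rule: the identity policy must allow the action, and
    if a boundary is attached it must allow the action too."""
    if policy_decision(identity_policy, action) != "Allow":
        return False
    if boundary is None:
        return True
    return policy_decision(boundary, action) == "Allow"


def effective_actions(identity_policy, boundary, candidates):
    """Which of `candidates` the role can actually perform."""
    return [a for a in candidates if is_allowed(identity_policy, a, boundary)]


if __name__ == "__main__":
    probes = ["s3:GetObject", "s3:DeleteBucket", "dynamodb:PutItem", "iam:CreateUser"]
    print("without boundary:", effective_actions(DEV_ROLE_POLICY, None, probes))
    print("with boundary:   ", effective_actions(DEV_ROLE_POLICY, DEVELOPER_BOUNDARY, probes))
```

Two things the model makes visible: the boundary never grants anything on its own (logs:PutLogEvents is inside the boundary but the role still cannot call it, because its identity policy never allowed it), and a boundary is only useful if developers cannot create roles without it, which in practice is enforced by gating iam:CreateRole and iam:PutRolePolicy with the iam:PermissionsBoundary condition key.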


AWS: Using AWS CloudTrail Lake to identify older TLS connections to AWS service endpoints
How AWS CloudTrail Lake makes it easier to query all of your AWS CloudTrail management events and use the "tlsDetails" field to identify clients connecting to AWS service endpoints with TLS versions older than 1.2.
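As an added example (not code from the AWS post), the same "tlsDetails" check applied offline to a handful of constructed CloudTrail records, so the logic can be exercised without an event data store. The records, principals and IP addresses are made up, and the CloudTrail Lake query string uses a placeholder where the event data store ID would go.

```python
"""Offline check for CloudTrail events that negotiated TLS older than 1.2.

Added example, not code from the AWS post. It applies the same "tlsDetails"
predicate to a constructed list of CloudTrail records so the logic can be
run without a CloudTrail Lake event data store.
"""
from collections import Counter

# Constructed sample records (not real traffic). Only the fields the check
# reads are included; real CloudTrail events carry many more.
SAMPLE_EVENTS = [
    {"eventTime": "2022-05-01T10:00:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/legacy-batch"},
     "tlsDetails": {"tlsVersion": "TLSv1", "cipherSuite": "AES128-SHA"}},
    {"eventTime": "2022-05-01T10:01:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "198.51.100.11",
     "userIdentity": {"arn": "arn:aws:sts::123456789012:assumed-role/app/i-0abc"},
     "tlsDetails": {"tlsVersion": "TLSv1.2", "cipherSuite": "ECDHE-RSA-AES128-GCM-SHA256"}},
    {"eventTime": "2022-05-01T10:02:00Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "198.51.100.10",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/legacy-batch"},
     "tlsDetails": {"tlsVersion": "TLSv1.1", "cipherSuite": "ECDHE-RSA-AES256-SHA"}},
    {"eventTime": "2022-05-01T10:03:00Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListUsers", "sourceIPAddress": "203.0.113.5",
     "userIdentity": {"arn": "arn:aws:iam::123456789012:user/alice"},
     "tlsDetails": {"tlsVersion": "TLSv1.3", "cipherSuite": "TLS_AES_128_GCM_SHA256"}},
    # Calls made by an AWS service on your behalf may carry no tlsDetails at all.
    {"eventTime": "2022-05-01T10:04:00Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "autoscaling.amazonaws.com",
     "userIdentity": {"type": "AWSService", "invokedBy": "autoscaling.amazonaws.com"}},
]

# The same predicate as a CloudTrail Lake query. The FROM clause takes the
# event data store ID, which is left as a placeholder here.
LAKE_QUERY = """
SELECT eventTime, eventSource, eventName, sourceIPAddress,
       userIdentity.arn, tlsDetails.tlsVersion, tlsDetails.cipherSuite
FROM <event-data-store-id>
WHERE tlsDetails.tlsVersion IN ('TLSv1', 'TLSv1.1')
"""


def parse_tls_version(label):
    """Turn CloudTrail's tlsVersion label ("TLSv1", "TLSv1.2", ...) into a
    comparable (major, minor) tuple, or None if the label is unrecognised."""
    if not label or not label.startswith("TLSv"):
        return None
    parts = label[4:].split(".")
    try:
        major = int(parts[0])
        minor = int(parts[1]) if len(parts) > 1 else 0
    except ValueError:
        return None
    return (major, minor)


def find_old_tls(events, minimum=(1, 2)):
    """Return the events whose negotiated TLS version is below `minimum`.
    Unrecognised version labels are flagged for review; events with no
    tlsDetails are skipped, so count those separately if the gap matters."""
    findings = []
    for ev in events:
        tls = ev.get("tlsDetails")
        if not tls:
            continue
        version = parse_tls_version(tls.get("tlsVersion"))
        if version is None or version < minimum:
            findings.append({
                "principal": ev.get("userIdentity", {}).get("arn", "<unknown>"),
                "service": ev["eventSource"],
                "action": ev["eventName"],
                "source_ip": ev.get("sourceIPAddress"),
                "tls": tls.get("tlsVersion"),
                "cipher": tls.get("cipherSuite"),
            })
    return findings


def by_principal_and_service(findings):
    """Aggregate findings so each (principal, service) pair becomes one item
    of work for whoever has to upgrade the client."""
    return Counter((f["principal"], f["service"]) for f in findings)


if __name__ == "__main__":
    found = find_old_tls(SAMPLE_EVENTS)
    for (principal, service), n in sorted(by_principal_and_service(found).items()):
        print(f"{n:3d}  {principal}  ->  {service}")
```

Aggregating by principal and service is the useful output: the same legacy credential shows up against several endpoints, and it is the client behind that credential that needs its TLS stack upgraded, not each endpoint.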


GCP: Here's what to know about changes to kubectl authentication coming in GKE v1.25
Starting with GKE v1.25, you will need to download and use a new kubectl plugin called "gke-gcloud-auth-plugin" to authenticate to GKE.


Azure: General availability: New portal experience for Microsoft Artifact Registry
You can now browse for Microsoft artifacts and container images on the Microsoft Artifact Registry website.

Thanks for reading!

If you found this newsletter useful and interesting, and know other people who would too, I'd really appreciate if you could forward it to them 📨

If you have questions, comments, or feedback, just reply to this email or let me know on Twitter @lancinimarco!

Thanks,
Marco
© 2019-present, CloudSecList by SecurityBite LTD.
Created by Marco Lancini.