Release Date: 03/07/2022 | Issue: 144

CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

Sponsor

9 Questions you Should Ask About Your Cloud Security
Business leaders need to start asking new questions about the security of their cloud environment—and security teams need to be prepared to answer them. Cloud attackers don’t care about checklist security programs—they routinely cross the arbitrary boundaries we draw around things and sidestep security solutions to get what they’re after.
In 9 Questions You Should Ask About Your Cloud Security, Snyk and Fugue outline the knowledge every cloud security team should possess at all times.

This week's articles

The Open Cloud Vulnerability & Security Issue Database #attack, #aws, #azure, #gcp

An open project to list all known cloud vulnerabilities and Cloud Service Provider security issues.

MiTM at the Edge - Abusing Cloudflare Workers #attack, #cloudflare

An attacker compromising a Cloudflare account can abuse Workers to establish persistence and exfiltrate sensitive data.

Learnings from 5 years of tech startup code audits #build

Some of the more surprising things learned while auditing Series A/B startups.

Vault Logging and Alerting on Day 1 #aws, #build, #vault

A step-by-step guide to building a free solution for Day 1 Vault logging and alerting on AWS.

Sky's the Limit: Stratus Red Team for Azure #attack, #azure, #monitor

A write-up on using Stratus Red Team for testing threat detection rules.

FabricScape: Escaping Service Fabric and Taking Over the Cluster #attack, #azure

FabricScape (CVE-2022-30137) is a privilege escalation vulnerability in Microsoft's Service Fabric, which allowed cross tenant root access built out of unprivileged processes.

CloudGoat Scenario: Avoiding AWS Security Detection and Response #attack, #aws

This will walk through the CloudGoat AWS detection_evasion scenario, detailing how to avoid AWS security detection and response services, such as in Lambda.

Tools

op-vscode

1Password for VS Code provides you with a set of tools to integrate your development workflow with 1Password, powered by the 1Password CLI. You can also read the companion blog post.

gitgat

Evaluate source control (GitHub) security posture.

vault-assessment-prometheus-exporter

A prometheus exporter for monitoring aspects secrets stored on a running HashiCorp Vault server.

azure-policy-tester

Run unit-tests with Golang testing on your Azure policies. You can also read the companion blog post.

From the cloud providers

TLS 1.2 to become the minimum TLS protocol level for all AWS API endpoints

You will no longer be able to use TLS versions 1.0 and 1.1 with all AWS APIs in all AWS Regions by June 28, 2023.

How to use regional SAML endpoints for failover

Recommendations that can improve resiliency for those that use IAM federation, in the unlikely event of disrupted availability of one of the regional endpoints.

Announcing MITRE ATT&CK mappings for Google Cloud security capabilities

Google Cloud now supports improved, threat-informed defenses by mapping their native security capabilities to MITRE ATT&CK.

Disabling Exempted Users in Cloud Audit Logging

A new constraint to prevent from exempting additional principals from audit logging.

Announcing general availability of Cloud Armor's new edge security policies, and support for proxy load balancers

Google announced two major capabilities that expand Cloud Armor's coverage to more types of workloads: edge security policies, and TCP/SSL Proxy Load Balancers.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco

Forward

This week's articles

Tools

From the cloud providers

Thanks for reading!

How did you like this issue of CloudSecList?

1 2 3 4 5