CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor
9 Questions you Should Ask About Your Cloud Security
Business leaders need to start asking new questions about the security of their cloud environment, and security teams need to be prepared to answer them. Cloud attackers don't care about checklist security programs; they routinely cross the arbitrary boundaries we draw around things and sidestep security solutions to get what they're after. In 9 Questions You Should Ask About Your Cloud Security, Snyk and Fugue outline the knowledge every cloud security team should possess at all times.
FabricScape (CVE-2022-30137) is a privilege escalation vulnerability in Microsoft's Service Fabric, which allowed cross-tenant root access from unprivileged processes.
A walkthrough of the CloudGoat AWS detection_evasion scenario, detailing how to avoid AWS security detection and response services, such as in Lambda.
1Password for VS Code provides you with a set of tools to integrate your development workflow with 1Password, powered by the 1Password CLI. You can also read the companion blog post.
Recommendations that can improve resiliency for those who use IAM federation, in the unlikely event of disrupted availability of one of the regional endpoints.
Google announced two major capabilities that expand Cloud Armor's coverage to more types of workloads: edge security policies, and TCP/SSL Proxy Load Balancers.
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌