Release Date: 10/07/2022 | Issue: 145
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Benchmark your cloud configuration in minutes with JupiterOne.
See how your configuration compares against CIS Foundations benchmarks in just a few clicks. Once your cloud provider is integrated with JupiterOne, this framework is automatically imported based on which cloud provider you use, giving you greater understanding of how to improve your configuration and security posture.
Get started with your free account today

This week's articles


Optimizing CI/CD Credential Hygiene - A Comparison of CI/CD Solutions
Post discussing the strengths and weaknesses of four of the most popular CI vendors (Jenkins, GitHub Actions, CircleCI and GitLab CI/CD) around common credential hygiene issues.   #ci/cd   #defend


Let's talk about Kubernetes on the Internet
Post providing information about Kubernetes network attack surface, some tricks for identifying Kubernetes clusters based on their responses to basic requests, and what information is visible on the Internet relating to exposed Kubernetes services.   #attack   #kubernetes


Terraform Cloud Security Model
Document explaining the authorization model, potential security threats, and HashiCorp's recommendations for securely using Terraform Cloud.   #defend   #terraform


Everything and Anything You Need To Know About SOC 2
What is SOC 2? SOC 2 is a cybersecurity compliance reporting framework that companies from all industries can use to prove security to interested third parties such as potential customers or investors. If you've been looking for SOC 2 content, look no further.   #explain


Where Do I Sign? Step-by-step Sigstore Adoption
Using Sigstore, we can iteratively improve our supply chain security, starting with signed attestations and moving toward signed provenance to protect the build.   #containers   #defend   #explain


Suspecting the Unsuspected. Extracting and Analyzing Log Anomalies
Post exploring key points in log anomaly detection with some techniques used to identify log events of interest.   #explain   #monitor


Kubernetes Workload Identity with AKS
Post explaining how workload identity federation on AKS works, and how to set it up.   #azure   #build   #iam   #kubernetes

Tools


opencost
Cross-cloud cost allocation models for Kubernetes workloads.


chain-bench
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.


cdk-eks-blueprints
This repository can be used to configure and manage complete EKS clusters that are fully bootstrapped with the operational software that is needed to deploy and operate workloads.

From the cloud providers


#AWS   AWS CloudFormation StackSets announces support for account-level targeting in an Organizational Unit
AWS CloudFormation StackSets launched a new feature that allows you to deploy stack sets to selected AWS accounts in an Organizational Unit (OU) in a single operation.


#AWS   Extend AWS IAM roles to workloads outside of AWS with IAM Roles Anywhere
AWS has released IAM Roles Anywhere, a feature that extends the capabilities of IAM roles to workloads outside AWS. This feature provides a secure way to obtain temporary AWS credentials and removes the need for long-term AWS credentials.


#GCP   Announcing Google Public Sector
Announcing Google Public Sector, a new Google division that will focus on helping U.S. public sector institutions accelerate their digital transformations.


#GCP   IP Masquerading and eBPF are now in GKE Autopilot
GKE Autopilot has new networking GA features: Egress NAT policy for IP masquerading and the eBPF-based Dataplane V2 for Network Policy and Network Policy Logging.


#GCP   What GKE users need to know about Kubernetes' new service account tokens
Bound service account tokens are becoming the default format in Kubernetes 1.21. This will ultimately enhance the authentication layer, but you may need to modify your applications to take advantage of the new security capabilities.


#AZURE   Generally available: Azure Backup multi-user authorization for recovery services vaults
Multi-user authorization for Backup provides enhanced protection for your backup data in recovery services vaults against unauthorized critical operations.

Sponsor CloudSecList

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
📨 [email protected] 📨

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco

© 2019-present CloudSecList · Marco Lancini