Release Date: 10/07/2022 | Issue: 145
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up
Sponsor

Benchmark your cloud configuration in minutes with JupiterOne.
See how your configuration compares against CIS Foundations benchmarks in just a few clicks. Once your cloud provider is integrated with JupiterOne, this framework is automatically imported based on which cloud provider you use, giving you greater understanding of how to improve your configuration and security posture.
Get started with your free account today

This week's articles


Optimizing CI/CD Credential Hygiene - A Comparison of CI/CD Solutions   #ci/cd, #defend
Post discussing the strengths and weaknesses of four of the most popular CI vendors (Jenkins, GitHub Actions, CircleCI and GitLab CI/CD) around common credential hygiene issues.


Let's talk about Kubernetes on the Internet   #attack, #kubernetes
Post providing information about Kubernetes network attack surface, some tricks for identifying Kubernetes clusters based on their responses to basic requests, and what information is visible on the Internet relating to exposed Kubernetes services.
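As an added example (not code from the linked post), the fingerprinting trick the post alludes to, in Python: kube-apiserver answers unauthenticated requests with a v1 Status object (403 when anonymous auth is on, 401 when it is off), and /version is readable by system:unauthenticated through the default system:public-info-viewer ClusterRoleBinding. The sample responses are constructed rather than captured; only probe() touches the network, and the host in the usage note is a placeholder.

```python
"""Fingerprint kube-apiserver from unauthenticated responses.

Added example, not code from the post. It assumes the well-known shapes of
the v1 Status error object and the /version document; the sample bodies
below are constructed, not captured from a real cluster.
"""
import json
import ssl
import urllib.error
import urllib.request
from typing import Optional, Tuple


def classify_response(status: int, body: str) -> Optional[str]:
    """Return a label when (status, body) looks like kube-apiserver, else None."""
    try:
        data = json.loads(body)
    except ValueError:
        return None
    if not isinstance(data, dict):
        return None
    # Anonymous requests to the API server get a v1 Status object back:
    # 403 when anonymous auth is on (system:anonymous is denied by RBAC),
    # 401 when the cluster runs with --anonymous-auth=false.
    if data.get("kind") == "Status" and data.get("apiVersion") == "v1":
        if status == 403 and data.get("reason") == "Forbidden":
            return "kube-apiserver (anonymous auth enabled)"
        if status == 401 and data.get("reason") == "Unauthorized":
            return "kube-apiserver (anonymous auth disabled)"
        return "kube-apiserver (Status object, code %s)" % data.get("code")
    # /version is granted to system:unauthenticated by the default
    # system:public-info-viewer ClusterRoleBinding, so it usually leaks the
    # exact build even when everything else is locked down.
    if status == 200 and {"major", "minor", "gitVersion"}.issubset(data):
        return "kube-apiserver /version exposed: %s" % data["gitVersion"]
    return None


def probe(base_url: str, timeout: float = 5.0) -> dict:
    """Fetch / and /version without credentials and classify each reply.
    This one touches the network; run it only against clusters you own."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False
    ctx.verify_mode = ssl.CERT_NONE  # cluster CAs are private; we only fingerprint
    results = {}
    for path in ("/", "/version"):
        req = urllib.request.Request(base_url.rstrip("/") + path,
                                     headers={"Accept": "application/json"})
        try:
            with urllib.request.urlopen(req, timeout=timeout, context=ctx) as resp:
                status, body = resp.status, resp.read().decode("utf-8", "replace")
        except urllib.error.HTTPError as err:
            status, body = err.code, err.read().decode("utf-8", "replace")
        except (urllib.error.URLError, OSError) as err:
            results[path] = "error: %s" % err
            continue
        results[path] = classify_response(status, body)
    return results


# Constructed sample replies in the formats kube-apiserver emits.
SAMPLE_ANON_FORBIDDEN: Tuple[int, str] = (403, json.dumps({
    "kind": "Status", "apiVersion": "v1", "metadata": {}, "status": "Failure",
    "message": 'forbidden: User "system:anonymous" cannot get path "/"',
    "reason": "Forbidden", "details": {}, "code": 403}))
SAMPLE_ANON_DISABLED: Tuple[int, str] = (401, json.dumps({
    "kind": "Status", "apiVersion": "v1", "metadata": {}, "status": "Failure",
    "message": "Unauthorized", "reason": "Unauthorized", "code": 401}))
SAMPLE_VERSION: Tuple[int, str] = (200, json.dumps({
    "major": "1", "minor": "24", "gitVersion": "v1.24.3",
    "platform": "linux/amd64"}))

if __name__ == "__main__":
    for sample in (SAMPLE_ANON_FORBIDDEN, SAMPLE_ANON_DISABLED, SAMPLE_VERSION):
        print(classify_response(*sample))
```

Against a live target, `probe("https://203.0.113.10:6443")` (placeholder address) returns one label per path; a 403 on `/` together with a 200 on `/version` is the typical signature of a cluster left reachable on the Internet with default RBAC.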


Terraform Cloud Security Model   #defend, #terraform
Document explaining the authorization model, potential security threats, and HashiCorp's recommendations for securely using Terraform Cloud.


Everything and Anything You Need To Know About SOC 2   #explain
What is SOC 2? SOC 2 is a cybersecurity compliance reporting framework that companies from all industries can use to prove security to interested third parties such as potential customers or investors. If you've been looking for SOC 2 content, look no further.


Where Do I Sign? Step-by-step Sigstore Adoption   #containers, #defend, #explain
Using Sigstore, we can iteratively improve our supply chain security, starting with signed attestations and moving toward signed provenance to protect the build.


Suspecting the Unsuspected. Extracting and Analyzing Log Anomalies   #explain, #monitor
Post exploring key points in log anomaly detection with some techniques used to identify log events of interest.


Kubernetes Workload Identity with AKS   #azure, #build, #iam, #kubernetes
Post explaining how workload identity federation on AKS works, and how to set it up.

Tools


opencost
Cross-cloud cost allocation models for Kubernetes workloads.


chain-bench
An open-source tool for auditing your software supply chain stack for security compliance based on a new CIS Software Supply Chain benchmark.


cdk-eks-blueprints
This repository can be used to configure and manage complete EKS clusters that are fully bootstrapped with the operational software that is needed to deploy and operate workloads.


From the cloud providers


AWS CloudFormation StackSets announces support for account level targeting in an Organizational Unit
AWS CloudFormation StackSets launched a new feature that allows you to deploy stack sets to selected AWS accounts in an Organizational Unit (OU) in a single operation.


Extend AWS IAM roles to workloads outside of AWS with IAM Roles Anywhere
AWS has released IAM Roles Anywhere, a feature that extends IAM roles to workloads running outside AWS. Workloads present an X.509 certificate issued by a CA you register as a trust anchor and exchange it for temporary AWS credentials, removing the need to distribute long-term access keys to on-premises or other-cloud systems.


Announcing Google Public Sector
Announcing Google Public Sector, a new Google division that will focus on helping U.S. public sector institutions accelerate their digital transformations.


IP Masquerading and eBPF are now in GKE Autopilot
GKE Autopilot has new networking GA features: Egress NAT policy for IP masquerading and the eBPF-based Dataplane V2 for Network Policy and Network Policy Logging.


What GKE users need to know about Kubernetes' new service account tokens
Bound service account tokens are becoming the default format in Kubernetes 1.21. This will ultimately enhance the authentication layer, but you may need to modify your applications to take advantage of the new security capabilities.
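As an added example (not from the Google post), what "modify your applications" means in practice: tell a legacy, never-expiring secret-based token from a bound token by its claims, and re-read the projected token file instead of caching it for the life of the pod, since the kubelet rotates it before expiry. The tokens below are constructed, unsigned (alg=none) JWTs so the example runs offline; nothing here verifies a signature, and the path constant is the standard mount location.

```python
"""Inspect a Kubernetes service account token and reload it from disk.

Added example, not from the GKE post. The token path is the standard
projected-volume mount; the tokens at the bottom are CONSTRUCTED alg=none
JWTs for illustration and are never accepted by a real API server.
"""
import base64
import json
import time
from typing import Optional

DEFAULT_TOKEN_PATH = "/var/run/secrets/kubernetes.io/serviceaccount/token"


def _b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()


def _b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def decode_claims(token: str) -> dict:
    """Return the JWT payload. The signature is NOT verified: this is for
    inspection only; the API server is the party that must validate tokens."""
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a compact JWT")
    return json.loads(_b64url_decode(parts[1]))


def describe_token(token: str, now: Optional[float] = None) -> dict:
    """Tell a legacy secret-based token from a bound (projected) token.

    Bound tokens carry 'exp', 'aud' and a structured 'kubernetes.io' claim
    naming the pod; legacy tokens never expire and use the flat
    'kubernetes.io/serviceaccount/...' claims."""
    claims = decode_claims(token)
    now = time.time() if now is None else now
    k8s = claims.get("kubernetes.io")
    bound = isinstance(k8s, dict) and "exp" in claims
    if bound:
        namespace = k8s.get("namespace")
        sa_name = (k8s.get("serviceaccount") or {}).get("name")
        pod_name = (k8s.get("pod") or {}).get("name")
        seconds_left = int(claims["exp"] - now)
    else:
        namespace = claims.get("kubernetes.io/serviceaccount/namespace")
        sa_name = claims.get("kubernetes.io/serviceaccount/service-account.name")
        pod_name = None
        seconds_left = None  # legacy tokens never expire
    aud = claims.get("aud")
    return {
        "bound": bound,
        "subject": claims.get("sub"),
        "namespace": namespace,
        "serviceaccount": sa_name,
        "pod": pod_name,
        "audiences": [aud] if isinstance(aud, str) else (aud or []),
        "seconds_left": seconds_left,
    }


class FileTokenSource:
    """Re-read the projected token instead of caching it forever.

    The kubelet rewrites the file as the token nears expiry; an app that
    reads it once at start-up will eventually present an expired token."""

    def __init__(self, path: str = DEFAULT_TOKEN_PATH, max_age: float = 60.0):
        self.path, self.max_age = path, max_age
        self._token: Optional[str] = None
        self._read_at = 0.0

    def get(self, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        if self._token is None or now - self._read_at >= self.max_age:
            with open(self.path) as f:
                self._token = f.read().strip()
            self._read_at = now
        return self._token


def make_unsigned_token(claims: dict) -> str:
    """CONSTRUCTED sample only: an alg=none JWT so the example runs offline."""
    header = _b64url_encode(json.dumps({"alg": "none", "typ": "JWT"}).encode())
    payload = _b64url_encode(json.dumps(claims).encode())
    return f"{header}.{payload}."


# Constructed claim sets mirroring the two token formats.
LEGACY_TOKEN = make_unsigned_token({
    "iss": "kubernetes/serviceaccount",
    "kubernetes.io/serviceaccount/namespace": "default",
    "kubernetes.io/serviceaccount/secret.name": "default-token-abcde",
    "kubernetes.io/serviceaccount/service-account.name": "default",
    "sub": "system:serviceaccount:default:default",
})
BOUND_TOKEN = make_unsigned_token({
    "aud": ["https://kubernetes.default.svc"],
    "iat": 1_700_000_000, "nbf": 1_700_000_000, "exp": 1_700_003_600,
    "iss": "https://kubernetes.default.svc.cluster.local",
    "kubernetes.io": {"namespace": "default",
                      "pod": {"name": "web-0"},
                      "serviceaccount": {"name": "web"}},
    "sub": "system:serviceaccount:default:web",
})

if __name__ == "__main__":
    for tok in (LEGACY_TOKEN, BOUND_TOKEN):
        print(describe_token(tok, now=1_700_000_000))
```

In a pod, `FileTokenSource().get()` called before each API request is the minimal change; client libraries that already reload the file (recent client-go, for instance) make this unnecessary, which is the point of checking your own code paths rather than assuming.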


Generally available: Azure Backup multi-user authorization for recovery services vaults
Multi-user authorization for Backup provides enhanced protection for your backup data in recovery services vaults against unauthorized critical operations.

Sponsor CloudSecList

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
📨 [email protected] 📨

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present, CloudSecList by Marco Lancini.