Release Date: 17/07/2022 | Issue: 146
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

Vanta's State of Startup Security Report
Vanta asked startups to honestly answer questions about their security posture, planning, and prioritization. Over 500 people took part in our survey and we're sharing the results.
Learn more today!

This week's articles

MITRE ATT&CK Matrix for Kubernetes: Tactics & Techniques Part 1   #attack, #explain, #kubernetes
Learn about the first four threat vectors in Kubernetes: initial access, execution, persistence, and privilege escalation.

Awesome Cloud Native Trainings   #explain
All the free trainings (with and without certificates) released from different companies supporting CNCF Projects and Kubernetes.

Cloud design patterns   #azure, #build
Design patterns for building reliable, scalable, secure applications in the cloud by walking through examples based on Microsoft Azure.

Transparently Immutable Tags using Sigstore's Rekor   #containers, #defend
A nice approach to verifying container image (im)mutability using a transparency log, which makes it possible to verify whether a tag has changed since the last time it was seen.

How attackers use exposed Prometheus server to exploit Kubernetes clusters   #attack, #kubernetes
More ways to compromise Kubernetes via a publicly exposed service. This time it's Prometheus.

How to think about threat detection in the cloud   #gcp, #monitor
Detecting cybersecurity threats in the cloud is different from on-premises. Here's why.

Exploiting Authentication in AWS IAM Authenticator for Kubernetes   #attack, #aws
This blog post explains three vulnerabilities detected in the AWS IAM Authenticator, all of which were caused by the same line of code.

A Practical Guide to Capturing Production Traffic with eBPF   #explain, #monitor
This blog explores the main concepts behind eBPF technology and provides step-by-step instructions on how to build your own eBPF-based traffic capturing tool.

Datadog Security Labs   #announcement
Datadog announced the "Datadog Security Labs", a new dedicated place for their security research content. It will host the release of new open source tools, research projects, emerging threat reports, deep dives, telemetry studies, and more.


Open-source proof-of-concept client for AWS IAM Roles Anywhere.

Dependency-Track is an intelligent Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain.

Gitleaks is a SAST tool for detecting and preventing hardcoded secrets like passwords, api keys, and tokens in git repos.


A cheatsheet around SLSA, explaining threats, levels, requirements, and implementations.


How to secure Kubernetes deployment with signature verification
When running containers in a Kubernetes cluster, trusting the images you deploy is key to enforcing security. The use of mutable images represents a risk to secure Kubernetes deployments. Read this blog to learn step-by-step how to implement a secure Kubernetes deployment.
Learn More

From the cloud providers

AWS: Amazon GuardDuty introduces new capabilities to detect malicious access to data stored in S3 buckets
GuardDuty introduces new machine learning capabilities that can more accurately identify malicious activity associated with known attack tactics, including the following: Data discovery, Tampering, Exfiltration.

AWS: Eligible customers can now order a free MFA security key
AWS will now send you an MFA key to help secure your account.

AWS: Automated Forensics Orchestrator for Amazon EC2
Self-service solution to capture and examine data from EC2 instances and attached volumes for forensic analysis in the event of a potential security breach.

GCP: Introducing Batch, a new managed service for scheduling batch jobs at any scale
The new Batch managed service manages job queues, provisions and autoscales resources, runs jobs, executes subtasks, and deals with common errors.

GCP: Invest early, save later: Why shifting security left helps your bottom line
By "shifting left" (identifying cloud-related misconfigurations earlier), organizations can improve the quality of their products and lower their security costs.

GCP: Security Monitoring in Google Cloud
Moving to the cloud comes with the fundamental question of how to effectively manage security and risk posture. From a Security Operations (SecOps) perspective, there are a few core requirements that you may need for effective security and risk management in the cloud. Here are four big ones that are essential for SecOps.

Azure: Introducing the Azure Developer CLI (azd): A faster way to build apps for the cloud
The Azure Developer CLI provides developer-friendly commands that map to key stages in your workflow: code, build, deploy, monitor, repeat.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

© 2019-present, CloudSecList by Marco Lancini.