Release Date: 14/08/2022 | Issue: 150
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Eliminate passwords and other static credentials like SSH keys from your infrastructure, making it more secure, scalable, and easier to use. Stolen credentials are the #1 cause of data breaches; open-source Teleport makes it easy to ditch secrets and embrace identity. Teleport is an open-source secure access plane that consolidates connectivity, authentication, authorization, and audit into a single platform improving security, agility, and engineering productivity.
Try Teleport today at goteleport.com

This week's articles


Open Cybersecurity Schema Framework
A number of organizations (like AWS) announced the release of the Open Cybersecurity Schema Framework (OCSF) project, which includes an open specification for the normalization of security telemetry across a wide range of security products and services, as well as open-source tools that support and accelerate the use of the OCSF schema.   #announcement   #defend


The cloud has an isolation problem: PostgreSQL vulnerabilities affect multiple cloud vendors
How Wiz Research uncovered multiple related vulnerabilities in PostgreSQL-as-a-Service offerings from GCP, Azure, and others.   #attack   #azure   #gcp


Controlling the Source: Abusing Source Code Management Systems
Post detailing a few ways to abuse some of the most popular source code management systems to perform various attack scenarios, like: reconnaissance, manipulation of user roles, repository takeover, pivoting to other DevOps systems, user impersonation, and maintaining persistent access.   #attack   #ci/cd


How to manage Route53 hosted zones in a multi-account environment
How to manage Route53 hosted zones in a multi-account environment so each account has full authority over its subdomain.   #aws   #build


AWS Account Setup and Root User
A guide through the introductory steps to configure contacts for an AWS account & secure the root user.   #aws   #build


Scaling our security detection pipeline with Sigma
This post explains how Monzo scaled their detection rules using Sigma.   #iac   #monitor


Load external data into OPA: The Good, The Bad, and The Ugly
There are several ways to create a data fetching mechanism for OPA - each of them has its pros and cons.   #build   #opa


Security Considerations For Hosting Domain Controllers In Cloud
While organizations born in the cloud might not rely on Domain Controllers today, most existing organizations that migrate to the cloud still do; this post covers the security considerations for hosting them there.   #defend   #design


Introducing Sentinel Policies to the Terraform Registry (Beta)
Terraform Sentinel policies are now available in the Terraform Registry so you can publish policies you want to share and search the Registry for policies you need.   #announcement   #terraform

Sponsor

Build vs Buy: 3 Key Criteria for DNS Security
DNS is critical for your application and business strategy on the Internet and Intranet. When using DNS in the Cloud, security cannot be overlooked. This blog arms cloud architects and security practitioners with recommendations and best practices for DNS security in the cloud.
Read the Blog

Tools


postee
Simple message routing system that receives input messages through a webhook interface and can enforce actions using predefined outputs via integrations.


k8s-digester
Add digests to container and init container images in Kubernetes pod and pod template specs. Use either as a mutating admission webhook, or as a client-side KRM function with kpt or kustomize.


assisted-log-enabler-for-aws
Find AWS resources that do not have logging enabled, and turn logging on for them.


monkey365
Monkey365 provides a tool for security consultants to easily conduct Microsoft 365, Azure subscriptions and Azure Active Directory security configuration reviews.

From the cloud providers


#AWS   Field Notes: Enroll Existing AWS Accounts into AWS Control Tower
How to enroll your existing AWS accounts and accounts within the unregistered OUs in your AWS organization under AWS Control Tower programmatically.


#AWS   Now programmatically manage primary contact information on AWS accounts
It is now possible to view and update the primary contact information on AWS accounts using the AWS CLI and AWS SDKs.


#AWS   Web application access control patterns using AWS services
Three solution architecture patterns that prevent unauthorized clients from gaining access to web application backend servers.


#AWS   Codify your best practices using service control policies
SCP examples that relate to three well-architected pillars: operational excellence, security, & cost management.


#AWS   Delegate account factory creation to parts of your organization with AWS Control Tower
How to delegate AWS Control Tower's Account Factory to a specific part of your AWS estate. This enables and empowers local teams to create accounts while providing assurances that best practices and foundational baselines are adhered to.


#GCP   Identity & Access management: Authentication with Cloud Identity
A bird's eye view of authentication options in Google Cloud.


#AZURE   Public preview: Manage your Log Analytics data export rules in Azure portal
Data export rules in Azure Monitor Log Analytics can now be configured and managed directly in the Azure Portal.


#AZURE   General availability: AKS support for Secrets Store CSI driver
Easily integrate secrets stores into your Azure Kubernetes Service (AKS) so you can securely access your secrets via the container's file system.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini