Release Date: 16/10/2022 | Issue: 159
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up
Sponsor

[Early Release] O’Reilly: Identity-Native Infrastructure Access Management
Still using passwords and other long-lived credentials? The truth is that it’s only a matter of time before one gets leaked or stolen. Learn how to move into an entirely passwordless world with the early release of Teleport’s first O’Reilly book.
Download the first chapters now for free.

This week's articles


Lateral movement risks in the cloud and how to prevent them - Part 1: the network layer (VPC)   #aws, #defend
Post introducing lateral movement as it pertains to VPCs. It discusses attacker TTPs, and outlines best practices for security practitioners and cloud builders to help secure their cloud environment and reduce risk.


Security Logging in Cloud Environments - GCP   #design, #gcp, #monitor
Another update to my "Security Logging in Cloud Environments - GCP" post, this time adding the new Sensitive Actions Service to the SCC section.


On Bypassing eBPF Security Monitoring   #attack, #monitor
How Doyensec managed to bypass eBPF-based controls, along with some ideas on how red teams or malicious actors could evade these new intrusion detection mechanisms.


You should have lots of AWS accounts   #aws, #defend
Lots of AWS accounts working together in harmony will net you a more secure, more reliable, and more compliant cloud infrastructure.


Associating security metadata with multi-architecture container images   #build, #containers
This post explores a common mistake made when assessing the security of multi-arch container images.
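As an added illustration (not code from the linked post), the script below walks an OCI image index and lists the per-platform manifest digests. It assumes the mistake in question is attaching scan results, signatures or SBOMs to the index digest alone, when the digest a client actually pulls is that of the platform-specific manifest; the sample index, its placeholder digests and the `missing_metadata` helper are all constructed for this example.

```python
"""Enumerate the per-platform manifests inside a multi-arch image index.

Added illustration; not code from the linked post. Assumption stated here:
scanners, signatures and SBOM attachments are keyed by manifest digest, so
metadata recorded against the index digest alone does not cover the
per-platform manifest a client actually pulls.
"""
import hashlib
import json

INDEX_MEDIA_TYPES = {
    "application/vnd.oci.image.index.v1+json",
    "application/vnd.docker.distribution.manifest.list.v2+json",
}


def digest_of(raw: bytes) -> str:
    """Content digest of a manifest body, as a registry computes it."""
    return "sha256:" + hashlib.sha256(raw).hexdigest()


def is_index(raw: bytes) -> bool:
    """True when the body is an image index / manifest list, not a single image."""
    return json.loads(raw).get("mediaType") in INDEX_MEDIA_TYPES


def platform_key(platform: dict) -> str:
    """linux/arm64/v8-style key from an OCI platform object."""
    key = f"{platform.get('os')}/{platform.get('architecture')}"
    if platform.get("variant"):
        key += "/" + platform["variant"]
    return key


def platform_manifests(raw: bytes) -> dict:
    """Map platform key -> digest of that platform's image manifest.

    BuildKit-style attestation manifests (platform unknown/unknown plus a
    vnd.docker.reference.type annotation) are not images and are skipped.
    """
    index = json.loads(raw)
    if index.get("mediaType") not in INDEX_MEDIA_TYPES:
        raise ValueError("not an image index")
    result = {}
    for entry in index.get("manifests", []):
        if "vnd.docker.reference.type" in entry.get("annotations", {}):
            continue
        result[platform_key(entry.get("platform", {}))] = entry["digest"]
    return result


def missing_metadata(raw: bytes, covered: set) -> dict:
    """Platforms whose manifest digest is absent from `covered`.

    `covered` holds the digests that already carry scan results or signatures.
    """
    return {p: d for p, d in platform_manifests(raw).items() if d not in covered}


# Constructed sample index with placeholder digests; serialized once so the
# index digest is computed over exactly the bytes a registry would store.
AMD64_DIGEST = "sha256:" + "11" * 32
ARM64_DIGEST = "sha256:" + "22" * 32
SAMPLE_INDEX_BYTES = json.dumps({
    "schemaVersion": 2,
    "mediaType": "application/vnd.oci.image.index.v1+json",
    "manifests": [
        {"mediaType": "application/vnd.oci.image.manifest.v1+json",
         "digest": AMD64_DIGEST, "size": 1234,
         "platform": {"os": "linux", "architecture": "amd64"}},
        {"mediaType": "application/vnd.oci.image.manifest.v1+json",
         "digest": ARM64_DIGEST, "size": 1234,
         "platform": {"os": "linux", "architecture": "arm64", "variant": "v8"}},
        {"mediaType": "application/vnd.oci.image.manifest.v1+json",
         "digest": "sha256:" + "33" * 32, "size": 566,
         "platform": {"os": "unknown", "architecture": "unknown"},
         "annotations": {"vnd.docker.reference.type": "attestation-manifest",
                         "vnd.docker.reference.digest": AMD64_DIGEST}},
    ],
}, separators=(",", ":")).encode()


if __name__ == "__main__":
    index_digest = digest_of(SAMPLE_INDEX_BYTES)
    print("index digest:", index_digest, "is_index:", is_index(SAMPLE_INDEX_BYTES))
    # The mistake: metadata attached to the index digest only.
    print("uncovered:", missing_metadata(SAMPLE_INDEX_BYTES, {index_digest}))
```

Run against a real index (for example the body returned by a registry `GET /v2/<name>/manifests/<tag>` with an OCI index Accept header), the check should come back empty before an image is promoted; if only the index digest is covered, every platform shows up as uncovered.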


PCI Compliance for Kubernetes in detail - Part 2 - Authorization   #defend, #kubernetes
The second part of an in-depth look at how companies running Kubernetes can approach implementing the recommendations of PCI's guidance for container orchestration.


Public Network Access to Azure Resources Is Too Easy to Configure   #attack, #azure
For some types of Azure resources and subnets, it's extremely easy to configure what is essentially public network access. This post describes some examples and how to reduce such risks.


Restructuring the Kubernetes Threat Matrix and Evaluating Attack Detection by Falco   #defend, #kubernetes
Post discussing attack methods missing from the Threat Matrix for Kubernetes published by Microsoft, and evaluating how well Falco detects them.


HashiCorp Vault 1.12 Adds New Secrets Engines, ADP Updates, and More   #announcement, #vault
Vault 1.12 focuses on improving Vault's core workflows as well as adding new features such as Redis and Amazon ElastiCache secrets engines, a new PKCS#11 provider, improved Transform secrets engine usability, updated resource quotas, expanded PKI revocation and telemetry capabilities.

Tools


aws-terraform-dev-container
A VSCode Dev Container with tools to help you build and manage AWS infrastructure with Terraform.


tfautomv
Generate Terraform moved blocks automatically for painless refactoring.

Sponsor

Is your SecOps ready for cloud, containers and Kubernetes?
Join Skyscanner, Sysdig and SANS on Oct. 20th at 8am PST and learn ways to bolster threat detection and response in cloud environments using EDR-like workflows, machine learning and the MITRE ATT&CK framework.
One lucky registrant will win a SANS Cloud Security Course worth $8,200!
Register Now

From the cloud providers


Use IAM Access Analyzer policy generation to grant fine-grained permissions for your AWS CloudFormation service roles
How you can use Access Analyzer to generate an IAM permissions policy that restricts CloudFormation permissions to only those actions that are necessary to deploy a given template, in order to follow the principle of least privilege.
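To show the idea behind policy generation, here is an added example (not Access Analyzer's code, and not from the AWS post): it reads CloudTrail-shaped records, keeps the calls made under a hypothetical CloudFormation service role, and emits one Allow statement per service. The role ARN, account ID and the sample events are all constructed; resource ARNs and condition keys are left as `*`, which is where a practitioner still has to refine the result.

```python
"""Derive a least-privilege policy from the API calls a service role made.

Added illustration of the idea behind Access Analyzer policy generation; this
is not Access Analyzer's code. It reads CloudTrail-shaped records, keeps the
calls made under a given role, and emits one Allow statement per service.
Resource ARNs and condition keys are left as "*" and must be refined by hand.
"""
import json
import re
from collections import defaultdict

# Hypothetical CloudFormation service role and account.
ROLE_ARN = "arn:aws:iam::123456789012:role/cfn-deploy-role"


def _event(source, name, issuer=ROLE_ARN):
    """Constructed CloudTrail record trimmed to the fields used below."""
    return {"eventSource": source, "eventName": name,
            "userIdentity": {"type": "AssumedRole",
                             "sessionContext": {"sessionIssuer": {"arn": issuer}}}}


# Constructed sample trail for one stack deployment.
SAMPLE_EVENTS = [
    # The stack operation itself was started by a human, not by the role.
    {"eventSource": "cloudformation.amazonaws.com", "eventName": "CreateStack",
     "userIdentity": {"type": "IAMUser",
                      "arn": "arn:aws:iam::123456789012:user/alice"}},
    _event("s3.amazonaws.com", "CreateBucket"),
    _event("s3.amazonaws.com", "PutBucketPolicy"),
    _event("s3.amazonaws.com", "CreateBucket"),                # repeat, deduplicated
    _event("iam.amazonaws.com", "CreateRole"),
    _event("iam.amazonaws.com", "PassRole"),
    _event("lambda.amazonaws.com", "CreateFunction20150331"),  # Lambda date suffix
    _event("ec2.amazonaws.com", "DescribeInstances",           # another role: ignored
           issuer="arn:aws:iam::123456789012:role/other-role"),
]


def _issuer(event):
    """ARN of the role that issued the session, or None for non-role callers."""
    return (event.get("userIdentity", {}).get("sessionContext", {})
            .get("sessionIssuer", {}).get("arn"))


def actions_used(events, role_arn=ROLE_ARN):
    """Set of service:Action strings the role actually called.

    eventName is not always the IAM action name; the Lambda date/version
    suffix (CreateFunction20150331) is the one mismatch handled here.
    """
    used = set()
    for ev in events:
        if _issuer(ev) != role_arn:
            continue
        service = ev["eventSource"].split(".")[0]
        action = re.sub(r"\d{8}(v\d+)?$", "", ev["eventName"])
        used.add(f"{service}:{action}")
    return used


def generate_policy(events, role_arn=ROLE_ARN):
    """IAM policy document with one Allow statement per service."""
    by_service = defaultdict(set)
    for action in actions_used(events, role_arn):
        by_service[action.split(":")[0]].add(action)
    return {
        "Version": "2012-10-17",
        "Statement": [
            {"Sid": f"{service.capitalize()}Access", "Effect": "Allow",
             "Action": sorted(actions), "Resource": "*"}  # refine per resource
            for service, actions in sorted(by_service.items())
        ],
    }


def excess_grants(existing_actions, events, role_arn=ROLE_ARN):
    """Compare a role's current Action list with what the trail shows it used."""
    used = actions_used(events, role_arn)
    findings = {}
    for action in existing_actions:
        if "*" in action:
            findings[action] = "wildcard"
        elif action not in used:
            findings[action] = "unused"
    return findings


if __name__ == "__main__":
    print(json.dumps(generate_policy(SAMPLE_EVENTS), indent=2))
    print(excess_grants(["s3:*", "iam:PassRole", "iam:DeleteRole"], SAMPLE_EVENTS))
```

Two practical caveats apply to the real service as much as to this sketch: the trail has to cover the whole stack lifecycle (create, update and delete call different APIs), and calls that failed with an access-denied error mark permissions that are still missing rather than ones to drop.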


Introducing Software Delivery Shield for end-to-end software supply chain security
Software Delivery Shield is a fully managed software supply chain security solution that offers a modular set of capabilities to help equip developers, DevOps, and security teams with the tools they need to build secure cloud applications.


Introducing Chronicle Security Operations: Detect, investigate, and respond to cyberthreats with the speed, scale, and intelligence of Google
Chronicle Security Operations unifies Chronicle's SIEM technology with the SOAR capabilities from the Siemplify acquisition and threat intelligence from Google Cloud. The recently completed Mandiant acquisition will add further incident and exposure management and threat intelligence capabilities in the future.


Secure GKE clusters with Custom Organization Policies in GCP
An introduction to custom Organization Policies for GKE, which enable administrators to enforce security policies and best practices on GKE cluster resources.


September 2022 Threat Horizons Report
Google Cloud's fourth Threat Horizons intelligence report is available. It brings decision-makers strategic intelligence on current and likely future threats to cloud enterprise users and the best original cloud-relevant research and security recommendations from across Google's intelligence and security teams.


About the security posture dashboard for GKE
GCP now offers daily OS vulnerability scanning of GKE workloads, with the results surfaced in the security posture dashboard and in Cloud Logging.


Public preview: Immutable vaults for Azure Backup
Immutable vaults help you protect your backups against threats like ransomware attacks and malicious actors by ensuring that your backup data cannot be deleted before its intended expiry time.


Generally available: Windows Admin Center for Azure Virtual Machines
Windows Admin Center lets you manage the Windows Server Operating System of your Azure Virtual Machines, natively in the Azure Portal.


Public preview: Azure Monitor Logs - create granular level RBAC for custom tables
Setting the RBAC query read action on individual Azure Monitor Logs tables is now in public preview.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present, CloudSecList by Marco Lancini.