Release Date: 30/10/2022 | Issue: 161
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:

Modern Privileged Access Management (PAM) Buyer’s Guide
This tech paper details the questions to ask vendors when evaluating a PAM solution for modern, cloud-native applications. It is essential that a Modern PAM solution combine strong functionality for managing privileged accounts while enabling ease of use for developers and maintainability for ops teams.
Learn how to ensure it does.

This week's articles

From Self-Hosted GitHub Runner to Self-Hosted Backdoor   #attack, #ci/cd
As CI/CD pipelines become more prevalent, their attack surface is increasingly being leveraged and abused by advanced red teams and real-world APTs.

Solving common problems with Kubernetes   #explain, #kubernetes
This article is aimed at engineers who need to deploy their code using Kubernetes, but have no idea what Kubernetes is or how it works.

Three Kubernetes events worth investigating   #kubernetes, #monitor
Whether you run Kubernetes yourself or use a managed provider like GKE, EKS, or AKS, certain events are worth investigating: successful authorisation of an anonymous request, default service account bound to privileged cluster role, and Pod created with an unusual image.

Best Practices for Network Perimeter Security in Cloud-Native Environments   #defend, #strategy
The evolution of network perimeters in modern cloud environments as well as some best practices for securing them.

AWS Security Groups Guide   #aws, #defend, #explain
Knowing how security groups & NACLs work together is extremely important for controlling network traffic to your instances & subnets.

AWS security assessment: what scanners are missing and how threat modeling may help you?   #defend
Without a doubt, security tools are very helpful in automating security checks, but they should be treated only as a complement, never as a replacement for the assessor.

Sigstore project announces general availability and v1.0 releases   #announcement, #supply-chain
The Sigstore community announced the general availability of their free, community-operated certificate authority and transparency log services. In addition, two of Sigstore's foundational projects, Fulcio and Rekor, published v1.0 releases denoting a commitment to API stability.

The State of Vault and Kubernetes, and Future Plans   #announcement, #kubernetes, #vault
An overview of the most common ways to use HashiCorp Vault and Kubernetes together, and a preview of a new method HashiCorp is considering.

Trivy Now Supports NSA Kubernetes Compliance   #announcement, #defend, #kubernetes
Trivy, now supporting the NSA compliance guideline, lets you produce reports that curate hundreds of checks for different components and configurations.
Get notified when users are taking actions in the AWS Console.

A simple Terraform configuration to create and manage GitGuardian Canary Tokens.

A handy way to troubleshoot containers lacking a shell and/or debugging tools (e.g., scratch, slim, or distroless).

Are you tired of clicking around in Microsoft portals to get to a blade?

Use the AWS Cloud Control API to list resources that are present in a given AWS account and region(s).

Sponsor CloudSecList

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
📨 [email protected] 📨

From the cloud providers

Announcing updates to the AWS Well-Architected Framework
Amazon announced the availability of improved AWS Well-Architected Framework content. In this update, they changed all six pillars of the framework: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability.

IAM Access Analyzer findings now support Amazon SNS topics
IAM Access Analyzer now supports six additional resource types: SNS topics, EBS volume snapshots, RDS DB snapshots, RDS DB cluster snapshots, ECR repositories, and EFS file systems.

Announcing Sensitive Actions to help keep accounts secure
Google introduced Sensitive Actions, a new way to understand user account behaviour. They are security-relevant changes made in a Google Cloud environment, and therefore important to be aware of and evaluate.

Cloud Logging pricing for Cloud Admins: How to Approach it & Save Cost?
How, where and when pricing is incurred in Cloud Logging, Google's observability solution for managing logs.

Announcing new GKE functionality for streamlined security management
The new interface for the Google Kubernetes Engine can streamline security workflows and can help make it easier to follow up on security alerts.

Advanced Microsoft Authenticator security features are now generally available
Admins can now prevent accidental approvals in Microsoft Authenticator with number matching, location context, and application context.

Generally available: Azure Storage Attribute-based access control for standard storage accounts
ABAC for Azure Storage Blobs, ADLS Gen2, and queues is now generally available and can be used for access control by defining conditions on role assignments based on resource and request attributes.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Β© 2019-present, CloudSecList by Marco Lancini.