Release Date: 30/10/2022 | Issue: 161

CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:

Sponsor

Modern Privileged Access Management (PAM) Buyer’s Guide
This tech paper details the questions to ask vendors when evaluating a PAM solution for modern, cloud-native applications. It is essential that a Modern PAM solution combine strong functionality for managing privileged accounts while enabling ease of use for developers and maintainability for ops teams.
Learn how to ensure it does.

This week's articles

From Self-Hosted GitHub Runner to Self-Hosted Backdoor #attack, #ci/cd

As CI/CD pipelines become more prevalent, their attack surface and abuse are being leveraged more and more by advanced red teams and real-world APTs.

Solving common problems with Kubernetes #explain, #kubernetes

This article is aimed at engineers who need to deploy their code using Kubernetes, but have no idea what Kubernetes is or how it works.

Three Kubernetes events worth investigating #kubernetes, #monitor

Whether you run Kubernetes yourself or use a managed provider like GKE, EKS, or AKS, certain events are worth investigating: successful authorisation of an anonymous request, default service account bound to privileged cluster role, and Pod created with an unusual image.

Best Practices for Network Perimeter Security in Cloud-Native Environments #defend, #strategy

The evolution of network perimeters in modern cloud environments as well as some best practices for securing them.

AWS Security Groups Guide #aws, #defend, #explain

Knowing how security groups & NACLs work together is extremely important for controlling network traffic to your instances & subnets.

AWS security assessment: what scanners are missing and how threat modeling may help you? #defend

Without a doubt security tools are very helpful in automating security checks, but they should be treated as a complement only, and never as a replacement for the assessor.

Sigstore project announces general availability and v1.0 releases #announcement, #supply-chain

The Sigstore community announced the general availability of their free, community-operated certificate authority and transparency log services. In addition, two of Sigstore's foundational projects, Fulcio and Rekor, published v1.0 releases denoting a commitment to API stability.

The State of Vault and Kubernetes, and Future Plans #announcement, #kubernetes, #vault

An overview of the most common ways to use HashiCorp Vault and Kubernetes together, and a preview of a new method HashiCorp is considering.

Trivy Now Supports NSA Kubernetes Compliance #announcement, #defend, #kubernetes

Trivy, now supporting NSA compliance guideline, lets you outline reports to curate hundreds of checks for different components and configurations.

Tools

terraform-aws-clickops-notifier

Get notified when users are taking actions in the AWS Console.

ggcanary

A simple Terraform configuration to create and manage GitGuardian Canary Tokens.

cdebug

A handy way to troubleshoot containers lacking a shell and/or debugging tools (e.g., scratch, slim, or distroless).

cmd.ms

Are you tired of clicking around in Microsoft portals to get to a blade?

aws-list-resources

Use the AWS Cloud Control API to list resources that are present in a given AWS account and region(s).

Sponsor CloudSecList

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
📨 [email protected] 📨

From the cloud providers

Announcing updates to the AWS Well-Architected Framework

Amazon announced the availability of improved AWS Well-Architected Framework content. In this update, they changed all six pillars of the framework: Operational Excellence, Security, Reliability, Performance Efficiency, Cost Optimization, and Sustainability.

IAM Access Analyzer findings now support Amazon SNS topics

IAM Access Analyzer now supports six additional resource types: SNS topics, EBS volume snapshots, RDS DB snapshots, RDS DB cluster snapshots, ECR repositories, and EFS file systems.

Announcing Sensitive Actions to help keep accounts secure

Google introduced Sensitive Actions, a new way to understand user account behaviour. They are changes made in a Google Cloud environment that are security relevant, and therefore important to be aware of and evaluate.

Cloud Logging pricing for Cloud Admins: How to Approach it & Save Cost?

How, where and when pricing is incurred in Cloud Logging, Google's observability solution to manage Logs?

Announcing new GKE functionality for streamlined security management

The new interface for the Google Kubernetes Engine can streamline security workflows and can help make it easier to follow up on security alerts.

Advanced Microsoft Authenticator security features are now generally available

Admins can now prevent accidental approvals in Microsoft Authenticator with number matching, location context, and application context.

Generally available: Azure Storage Attribute-based access control for standard storage accounts

ABAC for Azure Storage Blobs, ADLS Gen2, and queues is now generally available and can be used for access control by defining conditions on role-assignments based on resource and request attributes.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco

Forward

This week's articles

Tools

From the cloud providers

Thanks for reading!

How did you like this issue of CloudSecList?

1 2 3 4 5