Release Date: 13/11/2022 | Issue: 163
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.


Modern Privileged Access Management (PAM) Buyer’s Guide
This tech paper details the questions to ask vendors when evaluating a PAM solution for modern, cloud-native applications. It is essential that a Modern PAM solution combine strong functionality for managing privileged accounts while enabling ease of use for developers and maintainability for ops teams.
Learn how to ensure it does.

This week's articles

Robbery on DevOps: Understanding and Mitigating Illicit Cryptomining on Continuous Integration Service Platforms   #attack, #ci/cd, #defend
A paper which provides a systematic study on real-world illicit cryptomining on public CI platforms, and proposes a novel approach which suppresses the miner's revenues, rendering them unprofitable, but only has negligible impacts on the performance of CI jobs and developer productivity.

An AWS account just for getting into other AWS accounts   #aws, #defend
This is the AWS account that makes having lots of AWS accounts efficient and safe. It's the most important account in your organization.

From zero to production in sixty minutes: Building a cloud platform for product development   #strategy
How GSK set out to build a cloud platform to enable their product team to work in short cycles.

FivexL's Reaction to the AWS Security Baseline for Startups   #aws, #defend, #explain
FivexL shares its outlook on AWS Security Guidelines for startups. Find out how to improve your AWS security efficiently.

GitOps Certification   #containers, #explain
Some courses (and certifications) that teach the theory of GitOps and how to apply all of these practices in your application using the Argo project family.

AWS Network Firewall Workshop   #aws, #explain
A workshop teaching how to deploy Network Firewall using infrastructure as code.

Bypassing Azure AD home tenant MFA and CA   #attack, #azure
Because of the Azure AD authentication platform architecture, users can bypass home tenant MFA and CA policies when logging in directly to resource tenants.

OCI as attestations storage for your packages   #build, #supply-chain
A post showing an approach to store SBOMs and Provenance in an OCI registry for software release assets.

Tracee Newly Released Rules Detect Attackers Out-of-the-Box   #announcement, #defend
Tracee now detects suspicious behavior at runtime with an extensive data collection and rules engine with a revised signature library for an array of scenarios.

This tool uses the AWS SSO API to list all users, accounts, permission sets, etc., and dumps them into a CSV file for additional parsing or viewing.

A high availability AWS NAT implementation that reduces NAT Gateway costs while limiting the increased risk of operating NAT instances.

A proof-of-concept Lambda external extension that demonstrates some techniques to inspect and modify raw event data. You can also refer to the companion blog post.

GCE Rescue is a command-line tool to boot Google Cloud Platform VMs in Rescue Mode.

From the cloud providers

Introducing AWS Resource Explorer - Quickly Find Resources in Your AWS Account
Using the new AWS Resource Explorer, you can now search through the AWS resources in your account across Regions using metadata such as names, tags, and IDs.

What is AWS Resource Explorer?
Learn about Resource Explorer, an AWS service that lets you search for and find the resources in your AWS account.

AWS CloudTrail announces delegated administrator account support for AWS Organizations
AWS CloudTrail announces support for a delegated administrator account, which provides customers with the ability to manage organization trails and CloudTrail Lake event data stores from an account other than the management account in AWS Organizations.

Introducing Amazon EventBridge Scheduler
Amazon announced EventBridge Scheduler, a new capability from EventBridge that allows you to create, run, and manage scheduled tasks at scale.

Traffic Director: TLS routing using Envoy gateway proxy on GKE
A sample architecture for using Traffic Director with TLS routing for workloads deployed on the GKE cluster.

Google Kubernetes Engine Gateway controller is now GA for single cluster deployments
GCP announced the General Availability of the GKE Gateway controller, Google Cloud's implementation of the Kubernetes Gateway API, supporting single cluster deployments, in GKE 1.24+ clusters.

GitOps with OCI Artifacts and Config Sync
Getting started with deploying your OCI artifacts and Helm charts the GitOps way with Config Sync.

When should I use Cloud Armor?
This blog looks at a few examples where Cloud Armor might be a good fit.

Generally available: Block domain fronting behavior on newly created customer resources
All newly created Azure Front Door, Azure Front Door (classic) or Azure CDN Standard from Microsoft (classic) resources will block any HTTP request that exhibits domain fronting behavior.

Public preview: Rotate SSH keys on existing AKS nodepools
You can now update SSH keys on existing AKS nodepools post deployment.

Introducing the Microsoft Defender for Cloud Apps data protection series
A series of blogs where the goal is to help shed light on when to use Defender for Cloud Apps and Purview to protect your data.

Public preview: Azure Front Door integration with managed identities
Azure Front Door now supports managed identities generated by Azure Active Directory to allow Front Door to easily and securely access other Azure AD-protected resources such as Azure Key Vault.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

© 2019-present, CloudSecList by Marco Lancini.