Release Date: 13/11/2022 | Issue: 163
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Modern Privileged Access Management (PAM) Buyer’s Guide
This tech paper details the questions to ask vendors when evaluating a PAM solution for modern, cloud-native applications. It is essential that a Modern PAM solution combine strong functionality for managing privileged accounts while enabling ease of use for developers and maintainability for ops teams.
Learn how to ensure it does.

This week's articles


Robbery on DevOps: Understanding and Mitigating Illicit Cryptomining on Continuous Integration Service Platforms
A paper which provides a systematic study on real-world illicit cryptomining on public CI platforms, and proposes a novel approach which suppresses the miner's revenues, rendering them unprofitable, but only has negligible impacts on the performance of CI jobs and developer productivity.   #attack   #ci/cd   #defend


An AWS account just for getting into other AWS accounts
This is the AWS account that makes having lots of AWS accounts efficient and safe. It's the most important account in your organization.   #aws   #defend


From zero to production in sixty minutes: Building a cloud platform for product development
How GSK set out to build a cloud platform to enable their product team to work in short cycles.   #strategy


FivexL's Reaction to the AWS Security Baseline for Startups
FivexL shares its outlook on AWS Security Guidelines for startups. Find out how to improve your AWS security efficiently.   #aws   #defend   #explain


GitOps Certification
Some courses (and certifications) that teach the theory of GitOps and how to apply all of these practices in your application using the Argo project family.   #containers   #explain


AWS Network Firewall Workshop
A workshop teaching how to deploy Network Firewall using infrastructure as code.   #aws   #explain


Bypassing Azure AD home tenant MFA and CA
Because of the Azure AD authentication platform architecture, users can bypass home tenant MFA and CA policies when logging in directly to resource tenants.   #attack   #azure


OCI as attestations storage for your packages
A post showing an approach to store SBOMs and Provenance in an OCI registry for software release assets.   #build   #supply-chain


Tracee Newly Released Rules Detect Attackers Out-of-the-Box
Tracee now detects suspicious behavior at runtime, combining extensive data collection with a rules engine and a revised signature library covering an array of scenarios.   #announcement   #defend

Tools


aws-sso-reporter
This tool uses the AWS SSO API to list all users, accounts, permission sets, etc. and dumps them into a CSV file for additional parsing or viewing.


alternat
A high availability AWS NAT implementation that reduces NAT Gateway costs while limiting the increased risk of operating NAT instances.


lambda-spy
A proof-of-concept Lambda external extension that demonstrates some techniques to inspect and modify raw event data. You can also refer to the companion blog post.


gce-rescue
GCE Rescue is a command-line tool to boot Google Cloud Platform VMs in Rescue Mode.

From the cloud providers


#AWS   Introducing AWS Resource Explorer - Quickly Find Resources in Your AWS Account
Using the new AWS Resource Explorer, you can now search through the AWS resources in your account across Regions using metadata such as names, tags, and IDs.


#AWS   What is AWS Resource Explorer?
Learn about Resource Explorer, an AWS service that lets you search for and find the resources in your AWS account.


#AWS   AWS CloudTrail announces delegated administrator account support for AWS Organizations
AWS CloudTrail announces support for a delegated administrator account, which provides customers with the ability to manage organization trails and CloudTrail Lake event data stores from an account other than the management account in AWS Organizations.


#AWS   Introducing Amazon EventBridge Scheduler
Amazon announced EventBridge Scheduler, a new capability from EventBridge that allows you to create, run, and manage scheduled tasks at scale.


#GCP   Traffic Director: TLS routing using Envoy gateway proxy on GKE
A sample architecture for using Traffic Director with TLS routing for workloads deployed on the GKE cluster.


#GCP   Google Kubernetes Engine Gateway controller is now GA for single cluster deployments
GCP announced the General Availability of the GKE Gateway controller, Google Cloud's implementation of the Kubernetes Gateway API, supporting single cluster deployments, in GKE 1.24+ clusters.


#GCP   GitOps with OCI Artifacts and Config Sync
Getting started with deploying your OCI artifacts and Helm charts the GitOps way with Config Sync.


#GCP   When should I use Cloud Armor?
This blog looks at a few examples where Cloud Armor might be a good fit.


#AZURE   Generally available: Block domain fronting behavior on newly created customer resources
All newly created Azure Front Door, Azure Front Door (classic) or Azure CDN Standard from Microsoft (classic) resources will block any HTTP request that exhibits domain fronting behavior.


#AZURE   Public preview: Rotate SSH keys on existing AKS nodepools
You can now update SSH keys on existing AKS nodepools post deployment.


#AZURE   Introducing the Microsoft Defender for Cloud Apps data protection series
A series of blogs where the goal is to help shed light on when to use Defender for Cloud Apps and Purview to protect your data.


#AZURE   Public preview: Azure Front Door integration with managed identities
Azure Front Door now supports managed identities generated by Azure Active Directory to allow Front Door to easily and securely access other Azure AD-protected resources such as Azure Key Vault.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini