Release Date: 20/11/2022 | Issue: 164
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

✅ DevSecGuide to Infrastructure as Code ✅
Learn key actionable IaC security insights for shifting your security left in the complete DevSecGuide to IaC. Inside, you’ll learn how to improve the consistency of your cloud configurations, reduce manual work, and foster collaboration between security and DevOps teams by leveraging IaC and cloud DevSecOps. Plus, you’ll get insights into:
  • Research on the state of IaC security
  • Steps for embracing a DevSecOps culture
  • Tips for embedding IaC security throughout the DevOps lifecycle
  • And more!
Get the DevSecGuide to IaC for free!

This week's articles

Cloud Security Table Top Exercises   #aws, #monitor, #defend
Really interesting table top exercises designed to start a conversation. Although they are focused towards AWS and not all of them will be applicable to every environment, I highly recommend to try them with your monitoring team.

Vulnerability Management at Lyft: Enforcing the Cascade   #containers, #defend, #kubernetes
Blog detailing the systems Lyft built to address OS and OS-package level vulnerabilities in a timely manner across hundreds of services run on Kubernetes.

SLSA: The Source of the problem   #attack, #ci/cd, #defend, #supply-chain
A well-written article on software supply chain security, covering: SLSA, different strategies for attacking Source Code Management (SCM), and attack trees.

The Many Ways to Access RDS   #aws, #explain, #iam
An overview of RDS access management capabilities along with examples using Terraform.

A Deep Dive on AWS KMS Key Access and AWS Key Grants   #aws, #explain, #iam
A deep dive on KMS Key Access via KMS Key Grants and best practices with KMS Key Grants. Access via KMS Key Grants can be a forgotten means of allowing unauthorized applications, users, and other undesired access to use and manage KMS Keys.

Token tactics: How to prevent, detect, and respond to cloud token theft   #attack, #azure
As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose.

Layers Of Cloud Azure And The Mis-Storage Of Secrets   #azure, #defend
Ever wondered how storing secrets in the cloud can go wrong? This talk by @_sigil at BSides Toronto 2022 looks at common ways passwords should be stored.

Abusing tcp tunneling in Azure Bastion   #attack, #azure
How Azure Bastion Native Client support works, and how an adversary could abuse this feature to perform attacks against Azure VMs over private IP addresses, without having direct network connectivity to the VM.

Getting Started With Ephemeral Containers   #explain, #kubernetes
If you're following the latest news on Kubernetes, you probably would have heard about Ephemeral Containers. Not sure? This blog post sheds some light on this new feature soon to be stable in Kubernetes v1.25.

Infosys leaked FullAdminAccess AWS keys on PyPi for over a year   #attack, #aws
They appear to issue AWS keys to developers that are not rotated for several years and store these keys in git. They also don't have a clear place to report security issues like this.


Automated Cleanup of Unused Google Cloud Projects. You can also refer to the companion blog post.

Get a full remote Linux server with a problem and fix it.

Tool and policy library for reviewing Google Kubernetes Engine clusters against best practices.

Tools for managing DNS across multiple providers.

GuardDog is a CLI tool to Identify malicious PyPI packages.

Pivit is a command line tool for managing x509 certificates stored on smart cards with PIV applet support (Yubikey), and using those certificates to sign and verify data.

From the cloud providers

AWS Icon  You can now assign multiple MFA devices in IAM
Now, you can add multiple MFA devices to AWS account root users and AWS Identity and IAM users in your AWS accounts.

AWS Icon  Enrich VPC Flow Logs with resource tags and deliver data to Amazon S3 using Amazon Kinesis Data Firehose
How to enrich flow logs with tags associated with resources from VPC flow logs in a completely serverless model using Kinesis Data Firehose and the recently launched Amazon VPC IP Address Manager (IPAM), and also analyze and visualize the flow logs using Amazon Athena and Amazon QuickSight.

AWS Icon  Amazon S3 request-level information on use of ACLs coming to S3 server access logs and AWS CloudTrail
Amazon S3 server access logs and AWS CloudTrail logs will soon contain information to identify S3 requests that rely upon an access control list (ACL) for authorization to succeed.

GCP Icon  Introducing IAM Deny, a simple way to harden your security posture at scale
With IAM Deny policies, you can create rules that broadly restrict resource access. It provides a powerful, coarse-grained access control to help implement security policies at scale.

GCP Icon  Introducing Cloud Armor features to help improve efficacy: advanced rule tuning and auto deploy
With Cloud Armor's latest update, customers can customize WAF rules with tuning options that help reduce the number of false positive alerts that may be generated for particularly sensitive applications.

GCP Icon  BigQuery - Data Security at rest
A 5 part series discussing the different security controls for Bigquery at Rest.

Azure Icon  Announcing new capabilities for Azure Firewall
Microsoft shared several key Azure Firewall capabilities as well as updates on recent important releases into general availability (GA) and preview.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.