Release Date: 27/11/2022 | Issue: 165
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

✅ The Modern Cybersecurity Must-Haves ✅
Learn how to Strengthen Cybersecurity with Shift-left and Shield-right Practices, the underpinnings of modern cybersecurity programmes. Discover how to be more effective in detecting and responding to security vulnerabilities and incidents in modern cloud-native application architectures.
Get the expert cloud security insights and strategies!

This week's articles

Using Sigstore to meet FedRAMP Compliance at Autodesk   #defend, #supply-chain
One of the more difficult challenges faced by platform developers: striking the right balance between freedom and security. How do you give product developers the tools to build apps while securing those projects at scale?

The Palantir's journey to passwordless FIDO2 auth   #defend, #strategy
The first in a series by Palantir InfoSec on our journey enforcing FIDO2 authentication via hardware authenticators (YubiKeys) across all of Palantir.

AWS pre:Invent 2022   #announcement, #aws
Chris Farris highlights AWS's interesting and impactful security announcements in the lead-up to AWS re:Invent.

Email Graffiti: hacking old email   #attack, #aws, #gcp
Hacking images in old Emails, by registering the buckets or domains they point to, allows to vandalize old emails.

How to Bypass Cloudflare: A Comprehensive Guide   #attack, #cloudflare
A guide which covers what is Cloudflare Bot Management, how Cloudflare detects bots, and how to reverse engineer and bypass Cloudflare.

A Confused Deputy Vulnerability in AWS AppSync   #attack, #aws
A cross-tenant vulnerability in AWS AppSync, which allowed an attacker to access data in victims' accounts.

A dive into Microsoft Defender for Identity   #attack, #azure, #explain
Synacktiv recently analyzed the detection capabilities of Microsoft Defender for Identity, a cloud-based security solution which is the successor of Microsoft Advanced Threat Analytics and part of Microsoft Defender 365.

Kubernetes 1.25: KMS V2 Improvements   #announcement, #explain, #kubernetes
With Kubernetes v1.25, SIG Auth is introducing a new v2alpha1 version of the Key Management Service (KMS) API. KMS provides an interface for a provider to utilize a key stored in an external key service to perform encryption operations.


A distroless image containing only git and related utilities.

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

Finch is an open source client for container development. You can also refer to the companion blog post.

Run kubectl commands in all/some contexts in parallel (similar to GNU xargs/parallel).

The API traffic viewer for Kubernetes providing deep visibility into all API traffic and payloads going in, out and across containers and pods inside a Kubernetes cluster.

The GitHub Actions Importer helps you plan and automate the migration of Azure DevOps, CircleCI, GitLab, Jenkins, and Travis CI pipelines to GitHub Actions.

From the cloud providers

AWS Icon  Three recurring Security Hub usage patterns and how to deploy them
The top three most commonly used Security Hub usage patterns: dashboard for application owners, a single pane of glass for security professionals, and centralized routing to a SIEM solution.

AWS Icon  AWS Secrets Manager now supports rotation of secrets as often as every four hours
With this launch, you can now use Secrets Manager to automate the rotation of credentials and access tokens that need to be refreshed more than once per day.

AWS Icon  Introducing payload-based message filtering for Amazon SNS
AWS introduced the use of payload-based message filtering for SNS, which provides event routing for JSON-formatted messages. This enables you to write filter policies based on the contents of the messages published to SNS.

AWS Icon  Manage your resources from AWS Organizations using AWS CloudFormation
AWS CloudFormation now supports accounts, OUs, and policies from AWS Organizations. Now you can easily manage your organization using IaC as stacks in CloudFormation.

AWS Icon  Establishing a data perimeter on AWS: Allow only trusted identities to access company data
An overview of some of the security risks the identity perimeter is designed to address, policy examples, and implementation guidance for establishing the perimeter.

GCP Icon  GCP Cloud Asset Inventory Feed: Get real time notifications on Resource Changes
A tutorial showing how to subscribe to Cloud Asset Inventory's real-time notifications for changes, and get an alert when a Google Compute Engine Instance with a Public IP is created.

Azure Icon  Public preview: Azure Bastion now support shareable link
Shareable links allows users to connect to target resources via Azure Bastion without access to the Azure portal.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.