Release Date: 18/12/2022 | Issue: 168
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up
🎄 Holiday Break 🎄
After this issue, I will take a couple weeks off to disconnect and recharge. CloudSecList will return in January!

✅ Detecting cryptomining attacks “in the wild” ✅
In a world of blockchain and cryptocurrencies, detecting cryptomining should be a high priority. Read this blog by Sysdig to learn about the evolving landscape and how to detect cryptomining network activity.
Discover how you can use open source tools, such as Falco, to detect the Indicators of Compromise (IoC) in your environment.

This week's articles

A Roadmap to Zero Trust Architecture   #build, #defend, #strategy
This roadmap was built by security experts to provide a vendor agnostic Zero Trust architecture and example implementation timeline.

Introducing PEACH, a tenant isolation framework for cloud applications   #defend, #strategy
A step-by-step framework for modeling and improving SaaS and PaaS tenant isolation by reducing your cloud applications' attack surface.

AWS ECR Public Vulnerability   #attack, #aws
A vulnerability that allowed external actors to delete, update, and create ECR Public images, layers, and tags in registries and repositories that belong to other AWS Accounts, by abusing undocumented internal ECR Public API actions.

Announcing OSV-Scanner: Vulnerability Scanner for Open Source   #announcement, #supply-chain
Google released OSV-Scanner, a free tool that gives open source developers easy access to vulnerability information relevant to their project.

Redshift Security: Attack Surface Explained   #attack, #aws
Understand how an attacker can leverage Redshift default permissions to perform lateral movement and privilege escalation.

Unusual Cache Poisoning between Akamai and S3 buckets   #attack, #aws
A post presenting an unusual way of Cache Poisoning which happens between Akamai and Amazon S3 Buckets.

How DoorDash Secures Data Transfer Between Cloud and On-Premise Data Centers   #aws, #defend
How DoorDash built a secure data transfer to a new payment processing vendor by establishing a private network link using AWS Direct Connect.

Detecting Cloud Account Takeover Attacks   #aws, #azure, #gcp, #monitor
The Splunk Threat Research Team shares a closer look at the telemetry available in Azure, AWS and GCP and the options teams have to ingest this data into Splunk.

Signatus, ergo securus? Who can sign what with TUF and Sigstore   #explain, #supply-chain
A signature is only useful if consumers verify it correctly. One common failure mode is to verify that some software was signed, but not check who signed it.

Kubernetes v1.26: Electrifying   #announcement, #kubernetes
Kubernetes v1.26 will see some security-related improvements, like signing release artifacts with cosign, and the introduction of CEL (Common Expression Language) to make admission controllers easier to develop.


A Server Side Request Forgery (SSRF) protection library. You can also refer to the companion blog post.

is a site that allows you to inspect the contents of Docker images.

YaraHunter scans container images, running Docker containers, and filesystems to find indicators of malware.

Find outdated or deprecated Helm charts running in your cluster.

GitHub report is a simple tool that collects data from repositories and sends it to a dedicated Slack channel as a weekly feed.

A kubectl plugin to visualize Kubernetes resources and relationships.

From the cloud providers

AWS: Advanced Notice: Amazon S3 will automatically enable S3 Block Public Access
Starting in April 2023, S3 will introduce two new default bucket security settings by automatically enabling S3 Block Public Access and disabling S3 access control lists (ACLs) for all new S3 buckets. There is no change for existing buckets.

AWS: Configuration driven dynamic multi-account CI/CD solution on AWS
Post presenting a configuration driven dynamic CI/CD solution per repository.

AWS: Prepare for consolidated controls view and consolidated control findings in AWS Security Hub
Security Hub is aiming to release two new features in the first quarter of 2023 that will decouple controls from standards and streamline how you view and receive control findings.

GCP: How we validated the security controls of our new Confidential Space
A whitepaper demonstrating the level of security review and threat modelling any Google product goes through.

GCP: Google Cloud infrastructure reliability guide
Introduces the building blocks of reliability in Google Cloud, and provides architectural recommendations to design reliable infrastructure for your cloud workloads.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

© 2019-present, CloudSecList by Marco Lancini.