Release Date: 08/01/2023 | Issue: 169
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.


Join 750+ cloud security experts to learn, share secrets, and connect
In three weekly online sessions starting January 11, hear security leaders, CISOs, industry peers, and world-renowned researchers share tactics and top actionable insights to help you prepare and adapt your strategy for 2023. No matter your level of cloud maturity, accelerate your cloud security at CloudSec 360 presented by Wiz. Hear from:
  • Pete Chronis, CISO at Paramount
  • Eric Bauer, Director of Cloud Security at Procter & Gamble
  • Shir Tamari, Head of Research at Wiz
Secure your spot today

This week's articles

Supply-Chain Security: Evaluation of Threats and Mitigations   #ci/cd, #defend, #strategy
This blog details research into threat modeling for supply-chain, the evaluation of the effectiveness of each countermeasure such as SBOM, and the design of a centralized CI pipeline.

Incident Response Methodologies 2022   #defend, #monitor
CERT Societe Generale provides easy-to-use operational incident best practices.

Cloud penetration testing: Not your typical internal penetration test   #attack, #aws, #explain
A funny post where the author shares the stages of ignorance and awareness they encountered, to help others progress through the early stages more quickly than they did.

State of Azure IAM 2022   #azure, #iam
Azure IAM has seen major growth with 2710 new permissions and 60 new built-in roles added in 2022.

Cross-tenant network bypass in Azure Cognitive Search   #attack, #azure
How enabling a single vulnerable feature removed the entire network and identity perimeter around internet-isolated Azure Cognitive Search instances.

Cloud Cred Harvesting Campaign   #attack, #aws
A credential harvesting campaign targeting cloud infrastructure. The majority of the victim systems were running public-facing Jupyter Notebooks.

Kubernetes 1.26: Introducing Validating Admission Policies   #announcement, #explain, #kubernetes
In Kubernetes 1.26, the first alpha release of validating admission policies is available. Validating admission policies use the Common Expression Language (CEL) to offer a declarative, in-process alternative to validating admission webhooks.

Kubernetes v1.26: GA Support for Kubelet Credential Providers   #explain, #kubernetes
Kubernetes v1.26 introduced generally available (GA) support for kubelet credential provider plugins, offering an extensible plugin framework to dynamically fetch credentials for any container image registry.


Chronicle Detection Rules
This repository contains helper functions and detection rules that could be helpful to customers of Chronicle.

Creates PolicyReports based on the different Trivy Operator CRDs like VulnerabilityReports.

Creates log exports at the project, folder, or organization level.

Runs checks to see if an EKS cluster follows EKS Best Practices.

Stores secrets in DynamoDB, encrypted at rest.

An admission controller service and kubectl plugin to handle container drift in K8s clusters.


AlphaSOC: Security Analytics for Splunk
Using Splunk for threat detection and response? Instantly detect both known and unknown emerging threats using Network Behavior Analytics for Splunk, which is free to download from Splunkbase. Hundreds of security teams use the AlphaSOC Splunk app to process network telemetry and solve 70+ use cases including the detection of C2 beacons, DNS tunneling, anonymizing circuit traffic, data exfiltration, cryptomining, and spear phishing attacks.
Download Network Behavior Analytics for Splunk

From the cloud providers

AWS: Architecting your security model in AWS for legacy application migrations
Architecture guidelines for setting up access to commonly used resources by building a security model in AWS.

AWS: Introducing the Security Design of the AWS Nitro System whitepaper
AWS recently released a whitepaper on the Security Design of the AWS Nitro System, a combination of purpose-built server designs, data processors, system management components, and specialized firmware that serves as the underlying virtualization technology that powers all EC2 instances launched since early 2018.

AWS: AWS CIRT announces the release of five publicly available workshops
AWS released five workshops that simulate security events to help you learn the tools and procedures that AWS CIRT uses on a daily basis to detect, investigate, and respond to such security events.

GCP: Proactive Network Monitoring with GCP Network Analyzer
Post exploring the different insights provided by Network Analyzer and how to configure alerts for them.

GCP: Using Asset Insights
Cloud Asset Insights provides insights based on the IAM policies associated with your organization's resources. It is a part of the Recommender service.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

© 2019-present, CloudSecList by Marco Lancini.