This week's articles
State of Azure IAM 2022
#azure, #iam
Azure IAM has seen major growth with 2710 new permissions and 60 new built-in roles added in 2022.
Cloud Cred Harvesting Campaign
#attack, #aws
A credential harvesting campaign targeting cloud infrastructure. The majority of the victim system were running public facing Juptyer Notebooks.
Kubernetes 1.26: Introducing Validating Admission Policies
#announcement, #explain, #kubernetes
In Kubernetes 1.26, the 1st alpha release of validating admission policies is available. Validating admission policies use the Common Expression Language (CEL) to offer a declarative, in-process alternative to validating admission webhooks.
|
|
Tools
Chronicle Detection Rules
This repository contains helper functions and detection rules that could be helpful to customers of Chronicle.
hardeneks
Runs checks to see if an EKS cluster follows EKS Best Practices.
confidant
Stores secrets in DynamoDB, encrypted at rest.
kube-exec-controller
An admission controller service and kubectl plugin to handle container drift in K8s clusters.
|
|
Sponsor
AlphaSOC: Security Analytics for Splunk Using Splunk for threat detection and response? Instantly detect both known and unknown emerging threats using Network Behavior Analytics for Splunk, which is free to download from Splunkbase. Hundreds of security teams use the AlphaSOC Splunk app to process network telemetry and solve 70+ use cases including the detection of C2 beacons, DNS tunneling, anonymizing circuit traffic, data exfiltration, cryptomining, and spear phishing attacks. Download Network Behavior Analytics for Splunk
|
|
|
From the cloud providers
Using Asset Insights
Cloud Asset Insights provides insights based on the IAM policies associated with your organization's resources. It is a part of the Recommender service.
|
|
Thanks for reading!
|
If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌 If you have questions, comments, or feedback, let me know on Twitter ( @lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco
|
|
|