Release Date: 22/01/2023 | Issue: 171
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

JupiterOne: Know What You’re Defending
Perhaps the biggest problem in cybersecurity today is that companies don’t have a good understanding of what they’re defending.
JupiterOne solves this foundational issue by collecting everything you own into a single system of record that includes cloud infrastructure, endpoints, DNS, SaaS apps, and more.
It connects the dots using graph-based technologies, allowing you to ask complex Attack Surface Questions, like "Show me all VMware-based systems associated with our crown jewels and that have something facing the internet."
Start your free account today

This week's articles

New Hires, Lost Keys & Lessons Learned (Passwordless Authentication Series)   #strategy
The third in a series by Palantir InfoSec on their journey enforcing FIDO2 authentication via hardware authenticators (YubiKeys) across all of Palantir.

CircleCI incident report for January 4, 2023 security incident   #announcement, #attack, #ci/cd
Read the complete incident report from CircleCI's January 4, 2023.

Consider All Microservices Vulnerable - And Monitor Their Behavior   #kubernetes, #monitor
Although all deployed microservices are vulnerable, there is much that can be done to ensure microservices are not exploited.

Leaking Secrets From GitHub Actions   #attack, #ci/cd
Different areas that could help leaking secrets from GitHub Actions workflows vulnerable to command injection: reading files and environment variables, intercepting network/process communication, and dumping memory.

Crane: Uber's Next-Gen Infrastructure Stack   #build, #strategy
Post examining the original motivation and some key features behind Uber's been multi-year journey to reimagine their infrastructure stack for a hybrid, multi-cloud world.

AWS CloudTrail vulnerability: Undocumented API allows CloudTrail bypass   #attack, #aws
The Datadog Security Research Team identified a method to bypass CloudTrail logging for specific IAM API requests via undocumented APIs. This technique would allow an adversary to perform reconnaissance activities in the IAM service after gaining a foothold in an AWS account, without leaving any trace of their actions in CloudTrail.

SSH key injection in Google Cloud Compute Engine   #attack, #gcp
A bug which had the impact of a single-click RCE in a victim user's Compute Engine instance.

Unauthenticated SSRF Vulnerability on Azure Functions   #attack, #azure
How the Orca Security team uncovered an SSRF Vulnerability in the Azure Functions app, allowing any unauthenticated user to request any URL by abusing the server.

Azure Active Directory Flaw Allowed SAML Persistence   #attack, #azure
A vulnerability in Azure Active Directory (Azure AD) allowed a user to retain access to a targeted Security Assertion Markup Language (SAML) application.

EmojiDeploy: Smile! Your Azure web service just got RCE'd   #attack, #azure
A remote code execution vulnerability affecting Azure cloud services and other cloud sovereigns including Function Apps, App Service and Logic Apps.


This package provides an easy way to create a refreshable boto3 Session with AWS Roles Anywhere.

containerdbg is an all-in-one command-line tool to help debug Kubernetes containers with common issues that arouse when moving to containers as part of legacy application modernization.

A program which ensures source code files have copyright license headers by scanning directory patterns recursively.

Terraform modules for Google Cloud, made by Google Cloud.


✨ ✨ Wiz Research latest reads ✨ ✨
New research from Wiz shows that 40% of cloud environments with managed K8s clusters have at least one pod that is vulnerable to attackers moving laterally between Kubernetes and cloud domains. In our latest blog post, we review how attackers can use those types of weaknesses to move laterally from K8s to the cloud and steps you can take to protect your organization.

Read the blogs here:
Lateral Movement Risks in the Cloud – Part 1
Lateral Movement Risks in the Cloud – Part 2

From the cloud providers

AWS Icon  Setting up a secure CI/CD pipeline in a private Amazon Virtual Private Cloud with no public internet access
Walk through the steps required to build a secure, private continuous integration/continuous development (CI/CD) pipeline with no public internet access while maintaining log retention in Amazon CloudWatch.

AWS Icon  How to revoke federated users' active AWS sessions
How to revoke access to specific users' sessions on AWS assumed roles through the use of AWS IAM policies and service control policies (SCPs) via AWS Organizations.

AWS Icon  Use AWS WAF CAPTCHA to protect your application against common bot traffic
How to use a CAPTCHA with other AWS WAF controls as part of a layered approach to provide comprehensive protection against bot traffic.

GCP Icon  Log Analytics in Cloud Logging is now GA
Cloud Logging's Log Analytics, with advanced search, as well as aggregation and transformation of all log data types, is now generally available.

GCP Icon  Four phases of security transformation in financial services
Key principles that can serve as your guide when navigating a cloud security transformation journey.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.