Release Date: 05/03/2023 | Issue: 177
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

Exposures exist across networks. But can you see how attackers combine these exposures together to reach critical assets? And more importantly, can you see what should be remediated first in order to prevent the attack?
Dive into 11 real-life stories that show how attackers leverage exposures such as vulnerabilities, misconfigurations, overly permissive credentials, and more, leading straight to critical assets – and find out how your organization can improve its security posture!
Download XM Cyber’s latest ebook, What We Found: 2022’s Most Potent Attack Paths

This week's articles

The Audit Log Wall of Shame   #monitor
A list of vendors that don't prioritize high-quality, widely-available audit logs for security and operations teams.

Five Things You Need to Know About Malware on Storage Buckets   #attack, #aws, #gcp
An overview of malware in cloud storage buckets and mitigation best practices.

How Attackers Can Exploit GCP's Multicloud Workload Solution   #attack, #defend, #gcp
A deep dive into the inner workings of GCP Workload Identity Federation, taking a look at risks and how to avoid misconfigurations.

AWS EC2 IMDS - What You Need to Know   #aws, #explain
A technical review of IMDSv2.

How to secure Kubernetes Ingress?   #build, #kubernetes
How to secure Kubernetes Ingress resources by adding TLS and then procuring TLS/SSL certificates.

Introducing KWOK: Kubernetes WithOut Kubelet   #announcement, #kubernetes
Have you ever wondered how to set up a cluster of thousands of nodes just in seconds, how to simulate real nodes with a low resource footprint, and how to test your Kubernetes controller at scale without spending much on infrastructure? If you answered "yes" to any of these questions, then you might be interested in KWOK, a toolkit that enables you to create a cluster of thousands of nodes in seconds.

Temporary policy exceptions in Kubernetes with Kyverno   #explain, #kubernetes
Policy Exceptions are a way to provide even more control over which resources get excluded from the scope of a policy but, most importantly, they allow decoupling of the policy from those exclusions.

containerd completes fuzzing audit   #cncf, #defend
The containerd project completed a comprehensive fuzzing audit which added 28 fuzzers covering a wide range of container runtime functionality. During this audit a vulnerability was uncovered in the OCI image importer.


This CLI tool makes it easy to deploy a static website to AWS. It builds and hosts the website, sets up a CDN and DNS, and provisions an SSL certificate.

Create notes during a security code review in VSCode, import your favorite SAST tool findings, and collaborate with others.

Flags malicious and vulnerable open-source dependencies in your software supply-chain.

Detect and remediate misconfigurations and security risks across all your GitHub and GitLab assets.

Using these three actions, you can assemble a workflow to create, use, and destroy infrastructure managed by Terraform Cloud.


VPC Security
Some notes on Security Groups, ACLs, and VPC Flow Logs.


AlphaSOC: Security Analytics for Splunk
Using Splunk for threat detection and response? Instantly detect both known and unknown emerging threats using Network Behavior Analytics for Splunk, which is free to download from Splunkbase. Hundreds of security teams use the AlphaSOC Splunk app to process network telemetry and solve 70+ use cases including the detection of C2 beacons, DNS tunneling, anonymizing circuit traffic, data exfiltration, cryptomining, and spear phishing attacks.
Download Network Behavior Analytics for Splunk

From the cloud providers

[AWS] Considerations for the security operations center in the cloud: deployment using AWS security services
A post focusing on Security Hub, a cloud security posture management service that SOC teams can use to perform security best practice checks and aggregate alerts.

[AWS] Three ways to boost your email security and brand reputation with AWS
Several industry-standard mechanisms can help prevent your domain from being used as part of a phishing attack.

[GCP] Why you should migrate to network firewall policies from VPC Firewall rules
Google Cloud has released a guide on best practices to help you migrate firewall rules from VPC firewall rules to network firewall policies.

[GCP] Open Policy Agent Evaluate Infrastructure Score
How to use a score-based evaluation during the pre-provisioning stage.

[Azure] Azure Virtual Network Manager Event Logging now in public preview
You can now monitor changes in network group membership by accessing event logs.

[Azure] Public preview: Confidential containers on ACI
ACI now lets you run containers in a trusted execution environment (TEE).

[Azure] Preview support for Kata VM Isolated Containers on AKS for Pod Sandboxing
Azure Kubernetes Service (AKS) now supports pod sandboxing in preview in all Azure regions on a subset of Azure VM Sizes that support Nested Virtualization.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

© 2019-present, CloudSecList by Marco Lancini.