Release Date: 12/03/2023 | Issue: 178
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

JupiterOne: Know What You’re Defending
Perhaps the biggest problem in cybersecurity today is that companies don’t have a good understanding of what they’re defending. JupiterOne solves this foundational issue by collecting everything you own into a single system of record that includes cloud infrastructure, endpoints, DNS, SaaS apps, and more.
It connects the dots using graph-based technologies, allowing you to ask complex Attack Surface Questions, like “Show me all VMware-based systems associated with our crown jewels and that have something facing the internet.”
Start your free account today

This week's articles


What the fork: Imposter Commits in GitHub Actions and CI/CD
Commits pushed to a fork are reachable by SHA from the upstream repository, so a workflow can reference an "imposter" commit as though it were upstream code, bypassing the allowed-actions settings that GitHub Actions applies to workflows.   #attack   #ci/cd


From Pod Security Policies to Pod Security Standards, a Migration Guide
Pod Security Policies were removed in Kubernetes v1.25. Learn how to migrate from Pod Security Policies to Pod Security Standards.   #defend   #kubernetes


Google Cloud Platform Exfiltration: A Threat Hunting Guide
Some security gaps that every organization using GCP should be aware of in order to protect itself from data exfiltration.   #gcp   #monitor


A New Incentive for Using AWS VPC Endpoints
If you haven't been using VPC endpoints until now, AWS's two new condition keys should make you consider doing so.   #aws   #explain


fun-with-vpc-endpoints
Two interactive demos of VPC endpoints, how to use them and how VPC Endpoint Policies can be used in practice.   #aws   #explain


Understanding the Integration Between KMS and Secrets Manager on AWS
Post covering the integration between KMS and Secrets Manager on AWS, to better understand how they work.   #aws   #explain


Reducing Attack Surface with AWS Allowlisting
A detailed look at implementing Region and Service allowlisting in AWS.   #attack   #defend


Pivoting with Azure Automation Account Connections
How Automation Accounts handle authenticating as other accounts within a runbook, and how to abuse those authentication connections to pivot to other Azure resources.   #attack   #azure


Vault 1.13 adds Kubernetes Operator, MFA improvements, and more
HashiCorp Vault 1.13 brings enhancements to team workflows, integrations, and visibility.   #announcement   #vault

Sponsor

The Cloud Security Workflow Handbook
The Wiz research team surveyed security orgs at hyper-scaling enterprises to uncover how they’re adapting in 2023+. They packed their best-practices, frameworks, and templates into this playbook including:
  • A breakdown of the three pillars of the modern cloud security operating model best-in-class orgs are moving to.
  • A 4-step roadmap used by the fastest-growing companies to adapt to the new threat landscape.
  • Plus: Goals and KPI templates for your team to track based on maturity stage presented in a convenient cheat sheet.
Download the Handbook for Free

Tools


ssm-helpers
Helpers to manage your systems with the AWS Systems Manager suite of management tools.


cloudlist
A tool for listing assets from multiple cloud providers.


IAM APE
APE takes all of your AWS IAM policies attached to a User, Group, or Role object, and presents you with a single policy, summarizing all of their actual permissions. You can also refer to the companion blog post.


wrongsecrets
Vulnerable app with examples showing how to not use secrets.


LambdaLooter
Takes a list of AWS profiles, downloads the Lambda function code each profile can access, scans that code for secrets, and writes any candidates to a loot directory.

From the cloud providers


#AWS   How to use policies to restrict where EC2 instance credentials can be used from
AWS launched two new global condition context keys, aws:EC2InstanceSourceVPC and aws:EC2InstanceSourcePrivateIPv4, that make it simpler to write policies in which EC2 instance credentials work only when used from the instance to which they were issued.
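As an added illustration of the mechanism described in this item and in the VPC-endpoints item above (example policy written for this issue, not taken from the AWS post): an SCP that denies any request made with EC2 instance credentials (ec2:SourceInstanceARN is present) whose source VPC or source private IP does not match the VPC and IP the instance was issued its credentials in. Requests that an AWS service makes on the principal's behalf (aws:ViaAWSService) are exempted. The two mismatch checks are deliberately separate statements so that either mismatch is enough to deny; combining them in one Condition block would require both to mismatch.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "DenyInstanceCredsOutsideSourceVPC",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:ec2InstanceSourceVPC": "${aws:SourceVpc}"
        },
        "Null": {
          "ec2:SourceInstanceARN": "false"
        },
        "BoolIfExists": {
          "aws:ViaAWSService": "false"
        }
      }
    },
    {
      "Sid": "DenyInstanceCredsFromOtherPrivateIP",
      "Effect": "Deny",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringNotEquals": {
          "aws:ec2InstanceSourcePrivateIPv4": "${aws:VpcSourceIp}"
        },
        "Null": {
          "ec2:SourceInstanceARN": "false"
        },
        "BoolIfExists": {
          "aws:ViaAWSService": "false"
        }
      }
    }
  ]
}
```

The caveat to test before attaching this at the organization root: aws:SourceVpc and aws:VpcSourceIp are only populated when the request arrives through a VPC endpoint. An instance that still reaches AWS APIs over an internet or NAT gateway has neither key in its request context, the StringNotEquals conditions evaluate as a mismatch, and its own legitimate calls are denied. That is exactly the incentive the earlier item refers to: route the instance's API traffic through VPC endpoints first, then deploy the policy.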


#AWS   AWS managed policies
AWS has launched a Managed Policy Reference Guide covering more than 1,000 AWS managed policies.


#AWS   Modern data protection architecture on Amazon S3
How to implement a solution to protect business-critical assets stored in S3 by using S3 Replication and S3 Object Lock to create an immutable copy of the data in a separate AWS account.


#AWS   Establishing a data perimeter on AWS: Allow only trusted resources from my organization
Post explaining the resource perimeter, the control objectives achieved by the perimeter, and how to write SCPs and VPC endpoint policies that help achieve these objectives for your organization.
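For readers of this item and of the VPC-endpoints items above, an added example of one of the two controls the post describes (written for this issue, not copied from the AWS post): a VPC endpoint policy that allows requests through the endpoint only when both the calling principal and the target resource belong to the organization. o-exampleorgid is a placeholder for the organization ID.

```json
{
  "Version": "2012-10-17",
  "Statement": [
    {
      "Sid": "AllowOrgPrincipalsToOrgResourcesOnly",
      "Effect": "Allow",
      "Principal": "*",
      "Action": "*",
      "Resource": "*",
      "Condition": {
        "StringEquals": {
          "aws:PrincipalOrgID": "o-exampleorgid",
          "aws:ResourceOrgID": "o-exampleorgid"
        }
      }
    }
  ]
}
```

Endpoint policies are allow-only, so anything not matched here (a principal from another account pulling data into a bucket they own, for example) is refused at the endpoint regardless of what the IAM policy on the caller says. Watch for traffic to AWS-owned resources that shares the same endpoint, such as the S3 buckets that some AWS agents and services fetch from: those resources carry no aws:ResourceOrgID, so they need their own Allow statements, which the post walks through.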


#AZURE   4 best-practices to keep your Windows Server estate secure and optimized
The four practices:
  • Watch for update notifications and have a strategy for applying the latest security patches.
  • Get deeper visibility and management capabilities.
  • Check for end-of-support versions and prepare to modernize.
  • Use cloud-native services for enhanced security and compliance anywhere.


#AZURE   Public Preview: Collect Syslog from AKS nodes using Azure Monitor - Container Insights
Customers can now collect Syslog from their AKS Clusters using Azure Monitor - Container Insights.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini