Release Date: 12/03/2023 | Issue: 178
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:

JupiterOne: Know What You’re Defending
Perhaps the biggest problem in cybersecurity today is that companies don’t have a good understanding of what they’re defending. JupiterOne solves this foundational issue by collecting everything you own into a single system of record that includes cloud infrastructure, endpoints, DNS, SaaS apps, and more.
It connects the dots using graph-based technologies, allowing you to ask complex Attack Surface Questions, like “Show me all VMware-based systems associated with our crown jewels and that have something facing the internet.”

This week's articles

What the fork: Imposter Commits in GitHub Actions and CI/CD   #attack, #ci/cd
A vulnerability in GitHub Actions that bypasses allowed Workflow settings by using commits from forked repositories.

From Pod Security Policies to Pod Security Standards, a Migration Guide   #defend, #kubernetes
Pod Security Policies were removed in Kubernetes v1.25. Learn how to migrate from Pod Security Policies to Pod Security Standards.

Google Cloud Platform Exfiltration: A Threat Hunting Guide   #gcp, #monitor
Some security gaps that every organization using GCP should be aware of in order to protect itself from data exfiltration.

A New Incentive for Using AWS VPC Endpoints   #aws, #explain
If you haven't been using VPC endpoints until now, AWS's two new condition keys should make you consider doing so.

fun-with-vpc-endpoints   #aws, #explain
Two interactive demos of VPC endpoints, how to use them and how VPC Endpoint Policies can be used in practice.

Understanding the Integration Between KMS and Secrets Manager on AWS   #aws, #explain
Post covering the integration between KMS and Secrets Manager on AWS, to better understand how they work.

Reducing Attack Surface with AWS Allowlisting   #attack, #defend
A detailed look at implementing Region and Service allowlisting in AWS.

Pivoting with Azure Automation Account Connections   #attack, #azure
How Automation Accounts handle authenticating as other accounts within a runbook, and how to abuse those authentication connections to pivot to other Azure resources.

Vault 1.13 adds Kubernetes Operator, MFA improvements, and more   #announcement, #vault
HashiCorp Vault 1.13 brings enhancements to team workflows, integrations, and visibility.


Helpers to manage your systems with the AWS Systems Manager suite of management tools.

Cloudlist is a tool for listing Assets from multiple Cloud Providers.

APE takes all of your AWS IAM policies attached to a User, Group, or Role object, and presents you with a single policy, summarizing all of their actual permissions. You can also refer to the companion blog post.

Vulnerable app with examples showing how not to use secrets.

Lambda Looter takes a list of profiles, scans through them, downloads the Lambda code you have access to, and then processes that code for secrets, writing any potential secrets it finds to a loot directory.


The Cloud Security Workflow Handbook
The Wiz research team surveyed security orgs at hyper-scaling enterprises to uncover how they’re adapting in 2023+. They packed their best-practices, frameworks, and templates into this playbook including:
  • A breakdown of the three pillars of the modern cloud security operating model best-in-class orgs are moving to.
  • A 4-step roadmap used by the fastest-growing companies to adapt to the new threat landscape.
  • Plus: Goals and KPI templates for your team to track based on maturity stage presented in a convenient cheat sheet.

From the cloud providers

How to use policies to restrict where EC2 instance credentials can be used from
AWS launched two new global condition context keys that make it simpler for you to write policies in which EC2 instance credentials work only when used on the instance to which they are issued.

AWS managed policies
AWS just launched a new Managed Policy Reference Guide with 1k+ policies.

Modern data protection architecture on Amazon S3
How to implement a solution to protect business-critical assets stored in S3 by using S3 Replication and S3 Object Lock to create an immutable copy of the data in a separate AWS account.

Establishing a data perimeter on AWS: Allow only trusted resources from my organization
Post explaining the resource perimeter, the control objectives achieved by the perimeter, and how to write SCPs and VPC endpoint policies that help achieve these objectives for your organization.

4 best-practices to keep your Windows Server estate secure and optimized
Watch for update notifications and have a strategy to apply the latest security patches; get deeper visibility and management capabilities; check for end-of-support versions and prepare to modernize; and utilize cloud-native services for enhanced security and compliance anywhere.

Public Preview: Collect Syslog from AKS nodes using Azure Monitor - Container Insights
Customers can now collect Syslog from their AKS Clusters using Azure Monitor - Container Insights.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!



© 2019-present, CloudSecList by Marco Lancini.