Release Date: 09/04/2023 | Issue: 182
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:

JupiterOne: Know What You’re Defending
Perhaps the biggest problem in cybersecurity today is that companies don’t have a good understanding of what they’re defending. JupiterOne solves this foundational issue by collecting everything you own into a single system of record that includes cloud infrastructure, endpoints, DNS, SaaS apps, and more.
It connects the dots using graph-based technologies, allowing you to ask complex Attack Surface Questions, like “Show me all VMware-based systems associated with our crown jewels and that have something facing the internet.”
Start your free account today

This week's articles

69 Ways to F*** Up Your Deploy   #attack, #ci/cd, #defend
This post is a cursed compendium of 69 ways to f*** up your deploy. It is the irreverent Brothers Grimm version of deployment scenarios.

Intro to forensics in the cloud: A container was compromised. What's next?   #containers, #defend, #kubernetes, #monitor
Learn what tools and data sources you need to use in a cloud forensics investigation, and how they come into play in a real-life example.

Building Better Detection Systems: Introducing KRANG at Carta   #monitor
The Carta team aimed to build an automated detection system that is adaptable, flexible, reproducible, and generates high-quality alerts for security teams to respond to. You can also refer to the companion tool.

Containing Compromised EC2 Credentials Without (Hopefully) Breaking Things   #aws, #defend
There are multiple techniques for containing compromised instance credentials. The easy ones are the most likely to break things, but there are creative options to lock out attackers without breaking applications.

Exploring Amazon VPC Lattice   #aws, #explain
AWS has recently released VPC Lattice to General Availability. This post walks through creating a simple VPC Lattice service using CloudFormation, and takes a look at the service overall.

Docker Scout   #announcement, #containers, #defend
Docker Desktop introduced Docker Scout, a tool that provides visibility into image vulnerabilities and recommendations for quick remediation.

WebAssembly on Kubernetes: Everything You Need to Know   #explain, #kubernetes
This is the first article in a two-part series explaining everything you need to know about running WebAssembly workloads on Kubernetes.

Two Minor Cross-Tenant Vulnerabilities in AWS App Runner   #attack, #aws
These vulnerabilities leaked configuration information across tenant boundaries. While they are both minor issues, they further demonstrate that undocumented AWS APIs have lacked the scrutiny of AWS as well as the cloud security community.

Helm completes fuzzing security audit   #defend, #kubernetes
The fuzzing involved enrolling Helm in the OSS-Fuzz project and writing a set of fuzzers that further enrich Helm's test coverage. In total, 38 fuzzers were written, and nine bugs were found (with eight fixed so far).

Announcing SLSA v1.0 Release Candidate 2   #announcement, #supply-chain
SLSA v1.0 Release Candidate 2 has been announced. This is intended to be the final release candidate before marking v1.0 as an Approved Specification.


A GitHub Action for pip-audit.

Compares and analyzes GCP IAM roles.

GitHub Action for authenticating to Google Cloud with GitHub Actions OIDC tokens and Workload Identity Federation.

VPC Endpoint and EC2 Credentials Exfiltration Mitigation Lab
A detailed playbook that will provide you with hands-on experience provisioning and using a VPC endpoint to better understand how it works.

Trurl is a command line tool for URL parsing and manipulation.


The 2023 Cloud Threat Report
The Wiz cybersecurity research team uncovered dozens of new cloud risks across multiple AWS, Azure, and Google Cloud services. We’ve compiled their findings in this 12-page report including:
  • The latest cloud security threats
  • Emerging cloud-native threat actors
  • API-based vulnerabilities: Includes the full list of breaches in 2022 and best practices to safeguard your cloud
  • Bonus: Free checklist to implement strategies adopted by leading cloud security organizations in the world

Get the complete report to adapt your security strategy in 2023 and beyond.

From the cloud providers

AWS: Logging strategies for security incident response
Post sharing logging options across the typical cloud application stack, log analysis options, and sample queries.

AWS: Announcing policies validations during synthesis time with AWS Cloud Development Kit (CDK)
AWS Cloud Development Kit (CDK) now enables developers to validate Infrastructure as Code (IaC) templates against policy-as-code tools during the development lifecycle.

AWS: Automate IAM credential reports for large AWS Organizations
How to manage credentials with many accounts, automate IAM credential reports, and consolidate the results.

AWS: Simplify Service-to-Service Connectivity, Security, and Monitoring with Amazon VPC Lattice
VPC Lattice is a new capability of Amazon VPC that gives you a consistent way to connect, secure, and monitor communication between your services.

AWS: Self-Service Provisioning of Terraform Open-Source Configurations with AWS Service Catalog
With AWS Service Catalog, you can create, govern, and manage a catalog of infrastructure as code (IaC) templates that are approved for use on AWS.

GCP: Create a dry-run organization policy
GCP now allows you to use a dry-run organization policy to monitor how a policy change would impact your workflows before it is enforced.

GCP: GKE Autopilot is now default mode of cluster operation
GKE Autopilot provides faster time-to-market, always-on reliability, an improved security posture, and lower TCO for managed Kubernetes.

GCP: Secure and privacy-centric sharing with data clean rooms in BigQuery
BigQuery data clean rooms can help organizations create and manage secure environments for privacy-centric data sharing, analysis, and collaboration.

GCP: How to secure digital assets with multi-party computation and Confidential Space
To help customers use multi-party computation and Confidential Space, GCP described a reference architecture for implementing MPC-compliant blockchain signing.

Azure: Public preview: Private Application Gateway v2
Application Gateway v2 is introducing support for private IP only frontend configurations, enhanced control over NSG rules, and support for forced tunneling/route table rules to virtual appliances.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

© 2019-present, CloudSecList by Marco Lancini.