This week's articles
DevOps threat matrix
#strategy, #supply-chain
Microsoft released a blog post discussing the threats faced in DevOps environments and introducing its new threat matrix for DevOps. The matrix lays out the techniques an adversary might use to attack an organization, from the initial access phase onward.
Let's talk about Kubelet authorization
#explain, #iam, #kubernetes
Kubelet authorization can be a bit of a confusing topic in Kubernetes as it doesn't (usually) use RBAC. This post tries to explain how it works.
Ransomware in the cloud. Insights from practical experience
#defend, #monitor
The article discusses the rise of ransomware attacks in cloud environments and provides examples of recent attacks. It highlights the importance of securing cloud infrastructure and recommends best practices for preventing and responding to ransomware attacks in the cloud.
Tools
kube-iptables-tailer
A service that gives you better visibility on networking issues in your Kubernetes cluster by detecting the traffic denied by iptables and surfacing corresponding information to the affected Pods via Kubernetes events.
amazon-ec2-cloudwatch-alarms-sls
Create a centralized API for creating/deleting EC2 CloudWatch alarms on EC2 Instance Metrics in a multi-account AWS Organizations implementation.
artifact-events
Collection of Google Container and Artifact Registry workflows.
Spoofy
Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.
Job Advert
ControlPlane is a London based cloud technology company helping to keep people safe online, and we're hiring. We guarantee kind people, interesting work, and offer remote-first roles: https://control-plane.breezy.hr/ ControlPlane's KubeCon offer: Lightspeed Security in our Threat Room: systems, supply chains, glints of the eye, we appraise and review it all in 25m sessions with our high-impact threat modelling process. See what else we're up to, including talks, running the official CTF, booth SU57 and our BoothCTF, contributing to the new Security Village and more.
From the cloud providers
Introducing AWS Lambda response streaming
AWS Lambda announced support for response payload streaming. Response streaming is a new invocation pattern that lets functions progressively stream response payloads back to clients.
Announcing updates to the AWS Well-Architected Framework
This update introduces changes across all six pillars of the framework. Services that were added or expanded in coverage include: Elastic Disaster Recovery, Trusted Advisor, Resilience Hub, Config, Security Hub, GuardDuty, Organizations, Control Tower, Compute Optimizer, Budgets, CodeWhisperer, and CodeGuru.
azure-docs
Open source documentation of Microsoft Azure.
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! If you have questions, comments, or feedback, let me know on Twitter ( @lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco