Release Date: 16/04/2023 | Issue: 183
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

Not sure what a Lambda extension is?
Read this blog by ClearVector to learn about Lambda extensions and the Lambda execution environment.

This week's articles

Announcing the API: critical dependency data for secure supply chains   #announcement, #supply-chain
Google announced the API, which provides free access to the dataset of security metadata, including dependencies, licenses, advisories, and other critical health and security signals for more than 50 million open source package versions.

Supply chain security for Go, Part 1: Vulnerability management   #defend, #supply-chain
This post covers how Go helps teams with the tricky problem of managing vulnerabilities in their open source packages.

DevOps threat matrix   #strategy, #supply-chain
Microsoft released a blog post discussing the threats organizations face in their DevOps environments, introducing their new threat matrix for DevOps. Using this matrix, they show the different techniques an adversary might use to attack an organization from the initial access phase onward.

A Myth or Reality? Debunking (Mis)Conceptions Surrounding Cloud Ransomware   #defend
Read about seven common myths surrounding cloud surfaces and the importance of securing cloud data from ransomware attacks.

Let's talk about Kubelet authorization   #explain, #iam, #kubernetes
Kubelet authorization can be a bit of a confusing topic in Kubernetes as it doesn't (usually) use RBAC. This post tries to explain how it works.

Building a secure Azure reference architecture with Terraform   #azure, #build, #terraform
A reference architecture including several components, such as a virtual network, a bastion host, a load balancer, and a cluster of virtual machines running a web application.

The Unholy Marriage of AWS IAM Roles and Instance Profiles   #aws, #explain, #iam
Post explaining IAM Roles and Instance Profiles, how to create and manage them, and attach them to EC2 instances to grant permissions to access AWS services while adhering to security best practices.

Ransomware in the cloud. Insights from practical experience   #defend, #monitor
The article discusses the rise of ransomware attacks in cloud environments and provides examples of recent attacks. It highlights the importance of securing cloud infrastructure and recommends best practices for preventing and responding to ransomware attacks in the cloud.

From listKeys to Glory: How We Achieved a Subscription Privilege Escalation and RCE by Abusing Azure Storage Account Keys   #attack, #azure
How the Orca Security team discovered a critical exploitation path utilizing Microsoft Azure shared key authorization, and the key mitigation steps they provide.

Privilege escalation in AWS Elastic Kubernetes Service   #attack, #aws, #kubernetes
An interesting privilege escalation scenario in Kubernetes (EKS) involving NodeRestriction.

Announcing a white paper on Platforms for Cloud Native Computing   #strategy
The CNCF's Platforms working group (WG) announced the first release of a whitepaper to provide guidance and clarity on the nature and benefits of platforms for cloud-native computing.

Kubernetes v1.27 Released   #announcement, #kubernetes
This release consists of 60 enhancements: 18 of those enhancements are entering Alpha, 29 are graduating to Beta, and 13 are graduating to Stable. You can also check out a summary of the new security-related features.


A service that gives you better visibility on networking issues in your Kubernetes cluster by detecting the traffic denied by iptables and surfacing corresponding information to the affected Pods via Kubernetes events.

Create a centralized API for creating/deleting EC2 CloudWatch alarms on EC2 Instance Metrics in a multi-account AWS Organizations implementation.

A CDK template that provisions an end to end pipeline using CodePipeline, CodeCommit and CodeBuild.

Collection of Google Container and Artifact Registry workflows.

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

Job Advert

ControlPlane is a London based cloud technology company helping to keep people safe online, and we’re hiring. We guarantee kind people, interesting work, and offer remote-first roles:
ControlPlane's KubeCon offer: Lightspeed Security in our Threat Room: systems, supply chains, glints of the eye, we appraise and review it all in 25m sessions with our high-impact threat modelling process. See what else we're up to, including talks, running the official CTF, booth SU57 and our BoothCTF, contributing to the new Security Village and more.

From the cloud providers

Introducing AWS Lambda response streaming   #aws
AWS Lambda announced support for response payload streaming. Response streaming is a new invocation pattern that lets functions progressively stream response payloads back to clients.

Announcing updates to the AWS Well-Architected Framework   #aws
This update introduces changes across all six pillars of the framework. Services that were added or expanded in coverage include: Elastic Disaster Recovery, Trusted Advisor, Resilience Hub, Config, Security Hub, GuardDuty, Organizations, Control Tower, Compute Optimizer, Budgets, CodeWhisperer, and CodeGuru.

Investigate security events by using AWS CloudTrail Lake advanced queries   #aws
How to use CloudTrail Lake capabilities to investigate CloudTrail activity across AWS Organizations in response to a security incident scenario.

How Assured Workloads accelerates security and compliance   #gcp
Assured Workloads allows governments and regulated industries to accelerate innovation and meet stringent compliance requirements at scale.

Announcing Image Signing for Windows Containers   #azure
Post exploring the concept of container image signing, the benefits of signing container images, how Azure implemented signing in Windows containers, and how it can be verified.

azure-docs   #azure
Open source documentation of Microsoft Azure.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!



© 2019-present, CloudSecList by Marco Lancini.