Release Date: 23/04/2023 | Issue: 184
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

2023 Gartner® CNAPP Market Guide
Cloud continues to accelerate, increasing the attack surface and the need to effectively collaborate across security and development teams. CNAPP solutions bring together multiple security capabilities into a single platform to identify, prioritize, and remediate cloud risks. In this report, Gartner offers insights on the current market offerings of CNAPP solutions including:
  • The state of the cloud security market and why security leaders are turning to CNAPP
  • Key features of CNAPP offerings
  • Recommendations for how to approach a CNAPP evaluation
Get the Report

This week's articles


Data Driven Detection Engineering   #strategy
A post arguing for stronger software engineering skills in cybersecurity, and a focus on data engineering.


Mind The Gap - Bringing Together Cloud Services and Managed K8s Environments   #explain, #kubernetes
Slides from a KubeCon EU 2023 talk which describes common security pitfalls in managed Kubernetes environments.


State of Cloud Threat Detection and Response Report   #strategy
A report which summarizes the survey responses of 400 security leaders and SecOps practitioners in North America regarding the capabilities, practices, and behaviors of protecting against, identifying, and remediating cloud-based threats.


Crafting Container Images That Won't Drive You Crazy   #build, #containers, #explain
Jetstack shares some container security best practices, including using minimal base images, running as non-root users, managing secrets, signing images, and generating SBOMs.


Cloud Red Teaming: AWS Initial Access & Privilege Escalation   #attack, #aws, #azure, #gcp
Slides from a session that covered the latest cloud focused attack vectors and described viable strategies on how to detect their malicious usage within your cloud environments.


Container security fundamentals part 3: Capabilities   #containers, #explain
A look at how capabilities are used in Linux and container systems.


Detecting the Use of Stolen AWS Lambda Credentials   #aws, #monitor
A novel technique which uses AWS CloudTrail to detect the use of stolen credentials.


New Phone, Who Dis? How Cloud Environments Are Exploited for Smishing Campaigns   #attack, #aws
Commodity threat actors have recently begun to exploit cloud environments for smishing campaigns, employing techniques strikingly similar to those used in SES enumeration and abuse.


Hacking Your Cloud: Tokens Edition 2.0   #attack, #azure
Techniques attackers might use to exploit cloud tokens and gain access to resources. Strong token management, limiting privileges, and token revocation policies help mitigate risks.


BrokenSesame: Accidental write permissions to private registry allowed potential RCE to Alibaba Cloud Database Services   #alibaba, #attack
A container escape vulnerability, combined with accidental 'write' permissions to a private registry, opened a backdoor for Wiz Research to access Alibaba Cloud databases and potentially compromise its services through a supply-chain attack.


Asset Key Thief security vulnerability technical details   #attack, #gcp
A persistent Service Account private key exfiltration privilege escalation technique that potentially affected Google Cloud Service Accounts, now remediated promptly by the Google Cloud team.


First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters   #attack, #kubernetes
The first evidence that attackers are exploiting Kubernetes Role-Based Access Control (RBAC) in the wild to create backdoors.


Kubernetes 1.24 Security Audit   #attack, #kubernetes
NCC Group performed a security evaluation of the Kubernetes 1.24.0 release. Key findings included concerns with the administrative experience, flaws in communication between the API Server and the Kubelet which may result in an elevation of privilege, and flaws in input sanitization which provide a limited authorization bypass.


Kubernetes 1.27: Query Node Logs Using The Kubelet API   #kubernetes, #monitor
Kubernetes 1.27 introduced a new feature called Node log query that allows viewing logs of services running on the node.


SLSA v1.0 is now final!   #announcement, #supply-chain
After almost two years since SLSA's initial preview release, the first official stable version, SLSA v1.0, has been released.

Tools


managed-kubernetes-auditing-toolkit
All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments.


awesome-layers
A curated list of awesome AWS Lambda Layers.


github-audit-alerter
Slack alert bot for matching Github Audit Events.


iam-access-key-report
A tool that will enumerate data about all active IAM access keys across an AWS Organization and will enrich each key with account tag information.


edge
Recon tool for cloud provider attribution.

Sponsor

Completing security questionnaires can be a time-consuming and expensive task for businesses. Vanta is changing that. Introducing Questionnaire Automation, where organizations can reduce the resources required for questionnaires and respond within minutes to speed up the sales cycle.
Join the live product demo on April 26 at 12pm PT with Chase Lee, VP of Product at Vanta. In this 30-minute session, you’ll get a chance to:
  • See Questionnaire Automation in action
  • Ask questions and learn next steps
  • Connect with your peers and gain valuable insights
Register to save your spot

From the cloud providers


[AWS] Scale your authorization needs for Secrets Manager using ABAC with IAM Identity Center
How to use principles of attribute-based access control (ABAC) to define dynamic IAM permission policies in AWS IAM Identity Center by using user attributes from an external identity provider (IdP) and resource tags in Secrets Manager.


[AWS] How to implement a centralized immutable backup solution with AWS Backup
Post walking through the AWS Backup features you can use to build a centralized immutable backup solution that protects the backup data in your central backup account against unauthorized access.


[AWS] How to prioritize IAM Access Analyzer findings
IAM Access Analyzer helps to identify resource policies that allow public access, and prioritizing the findings can be done by focusing on resources that are critical to business operations and data privacy. Use resource tagging for easier organization and filtering, and continuously monitor and remediate findings.


[AWS] Use IAM roles to connect GitHub Actions to actions in AWS
This post focuses on creating an IAM OIDC identity provider for GitHub and demonstrates how to authorize access into an AWS account from a specific branch and repository.


[GCP] Take control of your supply chain with Artifact Registry
Remote and virtual repositories from Google Cloud Artifact Registry can help add assurance to your software supply chain.


[GCP] Migrate from PSP policies to Policy Bundle
How to migrate Pod Security Policies (PSPs) to the new format in the Kubernetes 1.21 release.


[GCP] Running Infrastructure-as-Code with the least privilege possible
Google service account impersonation lets you run your Terraform code and manage resources without overly broad access.


[GCP] Access managed services globally with Private Service Connect
Private Service Connect offers secure, private connectivity to managed services, which are now accessible by hybrid networks and for global services.


[Azure] Announcing the general availability of Azure CNI Overlay in Azure Kubernetes Service
Azure CNI Overlay assigns IP addresses from the user-defined overlay address space instead of using IP addresses from the VNET. It uses the routing of these private address spaces as a native virtual network feature. This means that cluster nodes do not need to perform any extra encapsulation to make the overlay container network work.


[Azure] Istio-based service mesh add-on for Azure Kubernetes Service
Microsoft introduced the public preview of the Istio add-on for Azure Kubernetes Service.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present, CloudSecList by Marco Lancini.