Release Date: 23/04/2023 | Issue: 184
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

2023 Gartner® CNAPP Market Guide
Cloud continues to accelerate, increasing the attack surface and the need to effectively collaborate across security and development teams. CNAPP solutions bring together multiple security capabilities into a single platform to identify, prioritize, and remediate cloud risks. In this report, Gartner offers insights on the current market offerings of CNAPP solutions including:
  • The state of the cloud security market and why security leaders are turning to CNAPP
  • Key features of CNAPP offerings
  • Recommendations for how to approach a CNAPP evaluation
Get the Report

This week's articles


Data Driven Detection Engineering
A post arguing for stronger software engineering skills in cybersecurity, and a focus on data engineering.   #strategy


Mind The Gap - Bringing Together Cloud Services and Managed K8s Environments
Slides from a KubeCon EU 2023 talk which describes common security pitfalls in managed Kubernetes environments.   #explain   #kubernetes


State of Cloud Threat Detection and Response Report
A report which summarizes the survey responses of 400 security leaders and SecOps practitioners in North America regarding the capabilities, practices, and behaviors of protecting against, identifying, and remediating cloud-based threats.   #strategy


Crafting Container Images That Won't Drive You Crazy
Jetstack shares some container security best practices, including using minimal base images, running as non-root users, managing secrets, signing images, and generating SBOMs.   #build   #containers   #explain


Cloud Red Teaming: AWS Initial Access & Privilege Escalation
Slides from a session that covered the latest cloud-focused attack vectors and described viable strategies for detecting their malicious usage within your cloud environments.   #attack   #aws   #azure   #gcp


Container security fundamentals part 3: Capabilities
A look at how capabilities are used in Linux and container systems.   #containers   #explain


Detecting the Use of Stolen AWS Lambda Credentials
A novel technique which uses AWS CloudTrail to detect the use of stolen credentials.   #aws   #monitor


New Phone, Who Dis? How Cloud Environments Are Exploited for Smishing Campaigns
Commodity threat actors have recently begun to exploit cloud environments for smishing campaigns, employing techniques strikingly similar to those used in SES enumeration and abuse.   #attack   #aws


Hacking Your Cloud: Tokens Edition 2.0
Techniques attackers might use to exploit cloud tokens and gain access to resources. Strong token management, limiting privileges, and token revocation policies help mitigate risks.   #attack   #azure


BrokenSesame: Accidental write permissions to private registry allowed potential RCE to Alibaba Cloud Database Services
A container escape vulnerability, combined with accidental 'write' permissions to a private registry, opened a backdoor for Wiz Research to access Alibaba Cloud databases and potentially compromise its services through a supply-chain attack.   #alibaba   #attack


Asset Key Thief security vulnerability technical details
A persistent privilege escalation technique based on Service Account private key exfiltration that potentially affected Google Cloud Service Accounts, since promptly remediated by the Google Cloud team.   #attack   #gcp


First-Ever Attack Leveraging Kubernetes RBAC to Backdoor Clusters
First evidence that attackers are exploiting Kubernetes Role-Based Access Control (RBAC) in the wild to create backdoors.   #attack   #kubernetes


Kubernetes 1.24 Security Audit
NCC Group performed a security evaluation of the Kubernetes 1.24.0 release. Key findings included concerns with the administrative experience, flaws in communication between the API Server and the Kubelet which may result in an elevation of privilege, and flaws in input sanitization which provide a limited authorization bypass.   #attack   #kubernetes


Kubernetes 1.27: Query Node Logs Using The Kubelet API
Kubernetes 1.27 introduced a new feature called Node log query that allows viewing logs of services running on the node.   #kubernetes   #monitor


SLSA v1.0 is now final!
After almost two years since SLSA's initial preview release, the first official stable version, SLSA v1.0, has been released.   #announcement   #supply-chain

Sponsor

Completing security questionnaires can be a time-consuming and expensive task for businesses. Vanta is changing that. Introducing Questionnaire Automation, where organizations can reduce the resources required for questionnaires and respond within minutes to speed up the sales cycle.
Join the live product demo on April 26 at 12pm PT with Chase Lee, VP of Product at Vanta. In this 30-minute session, you’ll get a chance to:
  • See Questionnaire Automation in action
  • Ask questions and learn next steps
  • Connect with your peers and gain valuable insights
Register to save your spot

Tools


managed-kubernetes-auditing-toolkit
All-in-one auditing toolkit for identifying common security issues in managed Kubernetes environments.


awesome-layers
A curated list of awesome AWS Lambda Layers.


github-audit-alerter
Slack alert bot for matching Github Audit Events.


iam-access-key-report
A tool that will enumerate data about all active IAM access keys across an AWS Organization and will enrich each key with account tag information.


edge
Recon tool for cloud provider attribution.

From the cloud providers


#AWS   Scale your authorization needs for Secrets Manager using ABAC with IAM Identity Center
How to use principles of attribute-based access control (ABAC) to define dynamic IAM permission policies in AWS IAM Identity Center by using user attributes from an external identity provider (IdP) and resource tags in Secrets Manager.


#AWS   How to implement a centralized immutable backup solution with AWS Backup
Post walking through the AWS Backup features you can use to build a centralized immutable backup solution that protects the backup data in your central backup account against unauthorized access.


#AWS   How to prioritize IAM Access Analyzer findings
IAM Access Analyzer helps to identify resource policies that allow public access, and prioritizing the findings can be done by focusing on resources that are critical to business operations and data privacy. Use resource tagging for easier organization and filtering, and continuously monitor and remediate findings.


#AWS   Use IAM roles to connect GitHub Actions to actions in AWS
This post focuses on creating an IAM OIDC identity provider for GitHub and demonstrates how to authorize access into an AWS account from a specific branch and repository.


#GCP   Take control of your supply chain with Artifact Registry
Remote and virtual repositories from Google Cloud Artifact Registry can help add assurance to your software supply chain.


#GCP   Migrate from PSP policies to Policy Bundle
How to migrate Pod Security Policies (PSPs) to the new format in the Kubernetes 1.21 release.


#GCP   Running Infrastructure-as-Code with the least privilege possible
Google service account impersonation lets you run your Terraform code and manage resources without overly broad access.


#GCP   Access managed services globally with Private Service Connect
Private Service Connect offers secure, private connectivity to managed services, which are now accessible by hybrid networks and for global services.


#AZURE   Announcing the general availability of Azure CNI Overlay in Azure Kubernetes Service
Azure CNI Overlay assigns IP addresses from the user-defined overlay address space instead of using IP addresses from the VNET. It uses the routing of these private address spaces as a native virtual network feature. This means that cluster nodes do not need to perform any extra encapsulation to make the overlay container network work.


#AZURE   Istio-based service mesh add-on for Azure Kubernetes Service
Microsoft introduced the public preview of the Istio add-on for Azure Kubernetes Service.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini