Release Date: 30/04/2023 | Issue: 185
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

Resmo: Too many tools to secure across Cloud & SaaS? ๐Ÿšจ
Are you overwhelmed by managing security across multiple platforms? Youโ€™re not alone. IT and security teams often face the challenge of centralizing information from AWS, Okta, Google Workspace, Azure AD, GitHub, and others.
Resmo simplifies your security management and identifies risks, such as employees without 2FA, and unauthorized apps. Our cutting-edge platform is designed to provide comprehensive visibility into all assets & changes in minutes!
Create your account for FREE today! ๐Ÿš€

This week's articles

Elements of a Successful Cloud Security Program   #strategy
Some thoughts on building a successful Cloud Security Program.

An Adventure in Google Cloud threat detection   #gcp, #monitor
Post highlighting some common threats and exploits in Google Cloud, with the aim to share information to create detections that will catch the early signs of attacker activity.

Azure Threat Research Matrix   #attack, #azure, #defend
The purpose of the Azure Threat Research Matrix (ATRM) is to conceptualize the known tactics, techniques, and procedures (TTP) that adversaries may use against the Azure platform.

Securing AWS Step Functions   #aws, #defend
Some macro-areas to consider when securing step functions: IAM roles and policies, data security, logging and monitoring, and abuse.

Understanding S3 Block Public Access   #aws, #explain
What does "public" actually mean? And how does S3 Block Public Access work? This post answers these questions hoping to shed some light on how S3 Block Public Access can help protect S3 buckets from public access.

EDR Telemetry Project: A Comprehensive Comparison   #monitor
This project aims to compare and evaluate the telemetry of various EDR products.

Using Nix with Dockerfiles   #build, #containers
The article discusses the benefits of using Nix, a functional package manager, with Dockerfiles to create reproducible and efficient container images. Nix allows for easy management of dependencies and versioning, while Dockerfiles provide a portable and scalable way to distribute the images.

Argo CD end user threat model: security considerations for hardening declarative GitOps CD on Kubernetes   #attack, #ci/cd, #defend, #kubernetes
A comprehensive threat modeling analysis of a typical production setup of Argo CD and accompanying security considerations.

GhostToken: Exploiting GCP application infrastructure to create invisible, unremovable trojan app on Google accounts   #attack, #gcp
The vulnerability could allow threat actors to change a malicious application to be invisible and unremovable, effectively leaving the victim's Google account infected with a trojan app forever.

When MFA becomes SFA   #attack, #aws
A particular case where possession of an AWS access key/secret key alone was equivalent to possession of those keys and a previously configured MFA.

Stealing GitHub staff's access token via GitHub Actions   #attack, #ci/cd
A write-up about a vulnerability which could have exposed the access token of GitHub Staff.

Terraform Cloud no-code provisioning is now GA with new features   #announcement, #terraform
No-code provisioning is now GA for Terraform Cloud Business, providing validated self-service infrastructure, additional security through more granular permissions, and ease of use with variable options as dropdowns.

Free Microsoft 365 subscriptions for learning purposes   #azure, #build
You can get a free Microsoft 365 subscription with 25 user licenses to learn and create automations.


A python module to aid in Service Control Policy management in AWS accounts.

Example AWS Service control policies to get started or mature your usage of AWS SCPs.

Dexter can be placed into your CI processes to scrape through the repository and find files that contain image references, with the aim of pinning them to the immutable digest.

Security recommendations and scripts for Microsoft Defender for Cloud.

Azure AD Role Monitor is a small project that scans Azure AD built in roles, and automatically identifies sensitive or dangeorus roles based on the actions that the role is able to perform on an Azure AD tenant.


AWS Organizations
Best practices for organizational units when using AWS Organizations


Simple doesnโ€™t scale
As organizations continue to adopt cloud services, security complexity increases exponentially leaving compliance, maintaining inventory, tracking changes, reducing misconfigurations, and handling threats and users a massive challenge. This is why weโ€™ve released FireMon Cloud Defense, a comprehensive cloud security platform that helps organizations better identify, communicate, prevent, and remediate security risks.
Start using Cloud Defense Free-Tier Now!

From the cloud providers

AWS Icon  AWS Firewall Manager adds support for multiple administrators
Customers with multiple organizational units (OU's), and accounts can now create up to 10 AWS Firewall Manager administrator accounts from AWS Organizations service to manage their firewall policies.

AWS Icon  AWS Resource Access Manager supports fine-grained customer managed permissions
You can now define fine-grained permissions that specify who can do what under specific conditions with your shared resources.

AWS Icon  AWS Announces Three New Amazon GuardDuty Capabilities to Help Customers Protect Container, Database, and Serverless Workloads
They are: new container runtime protection for EKS, extended coverage for data stored in Amazon Aurora, and support for serverless applications in AWS Lambda.

AWS Icon  Mitigating DDoS with data science using AWS Shield Advanced and AWS WAF
This blog post helps customers in mitigating DDoS using AWS Shield Advanced, AWS WAF, and data science. We explore how to use these services along with machine learning (ML) to detect and mitigate DDoS attacks.

GCP Icon  Supercharging security with generative AI
At the RSA Conference, Google announced Cloud Security AI Workbench, an industry-first extensible platform powered by the specialized LLM Sec-PaLM.

GCP Icon  Introducing AI-powered risk summaries in Security Command Center
Google Cloud will integrate their Security AI Workbench with Security Command Center Premium. Here's how that can help you secure your organization.

GCP Icon  Introducing AI-powered investigation in Chronicle Security Operations
Chronicle customers will be able to search security events and interact conversationally with the results, all without learning a new syntax or schema.

GCP Icon  Introducing AI-powered insights in Threat Intelligence
Google Cloud and Mandiant plan to use LLMs to transform threat intelligence and how it is operationalized. Here's why.

GCP Icon  Announcing API abuse detection powered by machine learning
Google Cloud is making it easier to help detect API abuse with the introduction of Advanced API Security Machine Learning powered abuse-detection dashboards. Here's what's new.

Azure Icon  Generally available: API Management Authorization
API Management Authorizations are now generally available, providing a simple and reliable way to unbundle and abstract authorizations from web APIs.

Azure Icon  Generally available: Azure Monitor alerts now suggests signals to alert on
When creating an alert rule using the Azure portal, configuring the condition of the alert rule is now made simpler with popular signals and settings.

Azure Icon  Generally Available: Inbound IP restrictions for Azure Container Apps
You can now restrict inbound traffic by IP without using a custom solution.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐Ÿ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
ยฉ 2019-present, CloudSecList by Marco Lancini.