Release Date: 21/05/2023 | Issue: 188
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sponsor

Unit 42 Unveils Most 'Expansive' Cloud Threat Research Yet
The Unit 42 Cloud Threat Report addresses how threat actors have become adept at exploiting common, everyday issues in the cloud. Learn about the greatest risks to your cloud environment and how to manage them effectively. You’ll also:
  • Learn lessons from real cloud breach incidents.
  • Get tips to stay ahead of cloud threat actors.
  • Address the most common cloud security issues.
  • Discover the impacts and risks of open-source software in the cloud.
Get the report now

This week's articles


The Art of the Security Double Play: How Mercari Combines Internal Audits and Custom CodeQL Queries to Keep Systems Safe   #ci/cd, #defend
Mercari combines internal audits and custom CodeQL queries to keep their systems safe. They use CodeQL to write custom queries that identify vulnerabilities in their code. These queries are then run regularly as part of their internal audit process.


Connecting Block Business Units with AWS API Gateway   #aws, #build
How Block enables backend services to securely connect across business unit boundaries using AWS API Gateway.


Attacking and securing cloud identities in managed Kubernetes part 1: Amazon EKS   #attack, #aws, #kubernetes
This post provides a deep dive into how Amazon EKS IAM works, and several attack vectors to pivot from an EKS cluster to an AWS environment.


Securing Cloud Native Microservices with Role-Based Access Control using Keycloak   #build, #kubernetes
This article takes developers through how to integrate Keycloak's RBAC capabilities into cloud-native microservices for security with a step-by-step tutorial.


Understanding Azure logging capabilities in depth   #azure, #monitor
Azure includes many technologies that can be used for logging purposes. Currently, Microsoft is transitioning from the v1 method (Microsoft Monitoring Agent, MMA) to the v2 method based on Data Collection Rules (DCRs).


Building a Kubernetes purple teaming lab   #kubernetes, #monitor
A how-to article from Sumo Logic explaining how to build a home lab for Kubernetes threat detection engineering and purple teaming.


Fun with container images - Bypassing vulnerability scanners   #attack, #containers
An example of how it would be possible for a malicious container image to bypass container vulnerability scanners.


An OPA Gatekeeper gotcha when enforcing policy on all resource kinds   #build, #opa
Documenting, and providing potential solutions for, a beginner OPA Gatekeeper gotcha that people could run into.


Kubernetes 1.27: KMS V2 Moves to Beta   #announcement, #kubernetes
KMS provides an interface for a provider to utilize a key stored in an external key service to encrypt etcd data. With Kubernetes 1.27, KMS is moving to beta.

Tools


smokescreen
A simple HTTP proxy that fogs over naughty URLs.


github-oidc-checker
A tool that checks for misconfigured access to GitHub OIDC from AWS roles and GCP service accounts. You can also refer to the companion blog post.


gitlab-watchman
Monitoring GitLab for sensitive data shared publicly.


watchtower
A process for automating Docker container base image updates.


specctl
CLI to convert Kubernetes specifications to ECS Fargate and vice versa.

CloudSecDocs


Supply Chain Security
A summary of the "Software Supply Chain Security Best Practices" Paper, which provides a holistic approach to supply chain security by highlighting the importance of layered defensive practices.

Sponsor

The CSPM Buyer’s Guide (Free PDF)
Security risks grow exponentially as your cloud footprint increases. That’s why picking the right Cloud Security Posture Management (CSPM) solution is critical to building your security strategy. In this free resource, Wiz breaks down market trends to help you understand how to find the right solution for your org.
Download the CSPM Buyer’s Guide here

From the cloud providers


AWS WAF enhances rate-based rules to support request headers and composite keys
AWS WAF now supports additional request parameters for rate-based rules, including cookies and other HTTP headers. Additionally, you can now create composite keys based on up to 5 request parameters, providing more granular options for managing and securing web application traffic.


Simplify the Investigation of AWS Security Findings with Amazon Detective
Detective now offers investigation support for findings in AWS Security Hub in addition to those detected by GuardDuty.


Introducing Duet AI for developers: The next frontier in AI-powered developer productivity
How Duet AI can help provide developers with real-time code suggestions, chat assistance, and enterprise-focused customization.


Policy Controller dashboard: Now available for all Anthos and GKE environments
Policy Controller enforces programmable policies for Anthos clusters, which you can manage through the enhanced Policy Controller dashboard.


How to solve customer challenges when security patching Google Kubernetes Engine
Cloud customers are increasingly running workloads in Kubernetes clusters. Applying security patches can be fraught - but it doesn't have to be.


Cloud Data Loss Prevention's sensitive data intelligence service is now available in Security Command Center
Cloud DLP can monitor your data warehouse to show where sensitive data is stored and processed. You now can use Security Command Center to prioritize findings that drive the greatest risks.


Google Cloud Learning Courses and Certifications
Google introduced the Google Cloud learning hub, to help organizations grow critical cloud skills.


Azure Backup Reports now includes support for more workloads
Azure Backup Reports now includes support for more workloads: Azure Database for PostgreSQL Servers, Azure Blobs and Azure Disks.


Private preview: Azure Backup support for confidential VMs using Customer Managed Keys
Azure Backup support for confidential VMs using Customer Managed Keys.


Public preview: Azure Container Storage
Azure Container Storage is a new Azure service built natively for containers that enables customers to create and manage volumes for running production scale stateful container applications.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present, CloudSecList by Marco Lancini.