Release Date: 28/05/2023 | Issue: 189

CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:

Sponsor

Resmo: Want to know who’s using ChatGPT in your organization? 💬
Easily connect with Google Workspace, Azure AD, or our browser extensions in just minutes. Discover the SaaS tools your employees are accessing, even those in Shadow IT. Identify security vulnerabilities, excessive permissions, and weak or reused passwords. Gain complete visibility through real-time dashboards and alerts.
Click here to create your free account now!

This week's articles

Bridging the Security Gap: Mitigating Lateral Movement Risks from On-Premises to Cloud Environments #attack, #azure

This blog post discusses lateral movement risks from on-prem to the cloud, explaining attacker TTPs, and outlining best practices for cloud builders and defenders to help secure their cloud environments and mitigate risk.

Is Cloud Forensics just Log Analysis? Kind Of. #aws, #monitor

The article discusses the differences between traditional forensics and cloud forensics, highlighting the importance of understanding cloud-specific artifacts and logs.

Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor #attack, #aws, #defend, #monitor

This article describes the attack lifecycle and detection opportunities for a cloud-focused, financially motivated threat actor.

AWS Lambda Function: IAM User Password Expiry Notice #aws, #build, #iam

Walk through the necessary steps to set up an AWS Lambda function to email notifications to IAM Users when their AWS Web Console passwords are expiring.

Protect your data from ransomware with S3 Object Lock #aws, #explain

A simple-term introduction to S3 Object Lock, what it is, and how does it work.

Tampering with Conditional Access Policies Using Azure AD Graph API #attack, #azure

Modifications made using AADGraph are not properly logged, endangering integrity and non-repudiation of Azure AD policies.

Container security fundamentals part 4: Cgroups #containers, #explain

A look at how cgroups are used in Linux and container systems.

Terraform check Block #explain, #terraform

The "check" block has been introduced in the latest pre-release of Terraform (v1.5.0). This allows practitioners to define assertions based on data source values to verify the state of the infrastructure on an ongoing basis.

Terraform AWS provider 5.0 adds updates to default tags #build, #terraform

Version 5.0 of the HashiCorp Terraform AWS provider brings improvements to default tags, allowing practitioners to set tags at the provider level.

Tools

iam-identity-center-team

Open-source temporary elevated access solution for AWS IAM Identity Center.

cowcloud

Run recon tools and vulnerability scans in a distributed way in AWS.

CureIAM

An engine for least privilege principle enforcement on GCP cloud.

AWS IAM Policy Generator

A tool which helps crafting AWS IAM Policies and converting them to IaC.

aws-cloudsaga

AWS CloudSaga - Simulate security events in AWS.

CloudSecDocs

Machine to Machine Authentication

Summary of an AWS post aiming to help you decide which approach is best to securely connect your applications, either residing on premises or hosted outside of AWS, to your AWS environment when no human interaction comes into play.

From the cloud providers

TLS inspection configuration for encrypted traffic and AWS Network Firewall

Post looking into the recently launched TLS inspection configuration for ingress inspection architectures and discussing considerations for enabling this feature.

Exclude cipher suites at the API gateway using a Network Load Balancer security policy

How to use Amazon Elastic Load Balancing (ELB) to apply a more granular control on the cipher suites that are used between clients and servers when establishing an SSL/TLS connection with Amazon API Gateway.

How to use AWS IAM Access Analyzer API to automate detection of public access to AWS KMS keys

How to use AWS IAM Access Analyzer programmatically to automate the detection of public access to your resources in an AWS account, and how to work with the Access Analyzer API to create an analyzer and call specific API functions from code.

Cloud Run now supports sidecar deployments: monitoring agents, proxies and more

Google introduced Cloud Run sidecars, allowing you to start independent sidecar containers that run alongside the main container serving web requests.

How to Use Log Analytics in Cloud Logging to gain deeper network insights

Log Analytics in Cloud Logging lets you search and aggregate network logs to find network trends and anomalies, and troubleshoot networking issues.

GA Azure API Management Self-hosted gateway authentication using Azure Active Directory

New authentication method for the Self-hosted gateway with the configuration endpoint.

Public Preview: GitHub Advanced Security for Azure DevOps

Learn how GitHub Advanced Security for Azure DevOps implements code scanning, secret scanning, and dependency scanning in Azure DevOps.

Public preview: Secrets volume mounts for Azure Container Apps

You can now mount secrets as volumes in Azure Container Apps.

CloudSecBooks

I'm writing a book! 📖
The CloudSec Engineer will be a book on how to enter, establish yourself, and thrive in the cloud security industry as an individual contributor.
You can sign up to get updates and free samples of the book as I write it at: cloudsecbooks.com

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco

Forward

This week's articles

Tools

CloudSecDocs

From the cloud providers

Thanks for reading!

How did you like this issue of CloudSecList?

1 2 3 4 5