Release Date: 28/05/2023 | Issue: 189
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

Resmo: Want to know who’s using ChatGPT in your organization? 💬
Easily connect with Google Workspace, Azure AD, or our browser extensions in just minutes. Discover the SaaS tools your employees are accessing, even those in Shadow IT. Identify security vulnerabilities, excessive permissions, and weak or reused passwords. Gain complete visibility through real-time dashboards and alerts.
Click here to create your free account now!

This week's articles

Bridging the Security Gap: Mitigating Lateral Movement Risks from On-Premises to Cloud Environments   #attack, #azure
This blog post discusses lateral movement risks from on-prem to the cloud, explaining attacker TTPs, and outlining best practices for cloud builders and defenders to help secure their cloud environments and mitigate risk.

Is Cloud Forensics just Log Analysis? Kind Of.   #aws, #monitor
The article discusses the differences between traditional forensics and cloud forensics, highlighting the importance of understanding cloud-specific artifacts and logs.

Unmasking GUI-Vil: Financially Motivated Cloud Threat Actor   #attack, #aws, #defend, #monitor
This article describes the attack lifecycle and detection opportunities for a cloud-focused, financially motivated threat actor.

AWS Lambda Function: IAM User Password Expiry Notice   #aws, #build, #iam
Walk through the necessary steps to set up an AWS Lambda function to email notifications to IAM Users when their AWS Web Console passwords are expiring.
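The core of such a function, written as an added example and not the article's own code: the credential report is parsed and the expiry arithmetic kept in pure functions so it can be exercised on a constructed report offline, while the Lambda handler wires in IAM and SES. The "Email" user tag, the SENDER address and the sample report are assumptions for illustration, and the account password policy is assumed to set a maximum password age (otherwise the report's password_next_rotation column is "N/A" and nothing ever expires).

```python
"""Added example (not the article's own code): the core of a Lambda that
emails IAM users whose console passwords are about to expire.

Assumed, not taken from the article: each IAM user carries an "Email" tag
with their address, SENDER is an SES-verified identity, and the account
password policy sets a maximum password age.
"""
import csv
import io
import time
from datetime import datetime, timezone

SENDER = "iam-alerts@example.com"  # placeholder; must be verified in SES
WARN_DAYS = 7

# Constructed sample in the IAM credential report format (columns trimmed to
# the ones used here): root has password_enabled=not_supported, ci-deploy is
# an access-key-only user with no console password.
SAMPLE_REPORT = """user,arn,user_creation_time,password_enabled,password_last_used,password_last_changed,password_next_rotation,mfa_active
<root_account>,arn:aws:iam::123456789012:root,2020-01-01T00:00:00+00:00,not_supported,2023-05-20T10:00:00+00:00,not_supported,not_supported,true
alice,arn:aws:iam::123456789012:user/alice,2021-01-01T00:00:00+00:00,true,2023-05-27T08:00:00+00:00,2023-03-05T00:00:00+00:00,2023-06-03T00:00:00+00:00,true
bob,arn:aws:iam::123456789012:user/bob,2021-01-01T00:00:00+00:00,true,N/A,2023-05-20T00:00:00+00:00,2023-08-18T00:00:00+00:00,false
ci-deploy,arn:aws:iam::123456789012:user/ci-deploy,2022-01-01T00:00:00+00:00,false,N/A,N/A,N/A,false
"""


def parse_credential_report(report_csv):
    """One dict per row: every IAM user plus the <root_account> pseudo-user."""
    return list(csv.DictReader(io.StringIO(report_csv)))


def _parse_ts(value):
    """Report timestamps are ISO 8601; absent values read N/A, not_supported or no_information."""
    if value in ("", "N/A", "not_supported", "no_information"):
        return None
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def expiring_users(rows, now, warn_days=WARN_DAYS):
    """[(user, days_left)] for console users whose rotation deadline is within
    warn_days. days_left <= 0 means the deadline has already passed."""
    hits = []
    for row in rows:
        if row["password_enabled"] != "true":
            continue  # root (not_supported) and API-only users (false)
        deadline = _parse_ts(row["password_next_rotation"])
        if deadline is None:
            continue  # no maximum password age configured for the account
        days_left = (deadline - now).days
        if days_left <= warn_days:
            hits.append((row["user"], days_left))
    return hits


def check_report(report_csv, now_iso, warn_days=WARN_DAYS):
    """Convenience wrapper taking the 'now' instant as an ISO 8601 string."""
    return expiring_users(parse_credential_report(report_csv), _parse_ts(now_iso), warn_days)


def notification(user, days_left):
    """Subject and body for one user, kept pure so it can be tested offline."""
    when = "today or has already expired" if days_left <= 0 else f"in {days_left} day(s)"
    subject = f"[Action required] AWS console password for {user} expires {when}"
    body = (f"The console password for IAM user '{user}' expires {when}.\n"
            "Sign in to the AWS console and rotate it under IAM > Security credentials.\n")
    return subject, body


def lambda_handler(event, context):
    """Lambda entry point; needs iam:GenerateCredentialReport, iam:GetCredentialReport,
    iam:ListUserTags and ses:SendEmail in its execution role."""
    import boto3  # imported here so the pure functions above work without it
    iam = boto3.client("iam")
    ses = boto3.client("ses")
    # Report generation is asynchronous; poll until it is ready to download.
    while iam.generate_credential_report()["State"] != "COMPLETE":
        time.sleep(1)
    report = iam.get_credential_report()["Content"].decode("utf-8")
    sent = 0
    for user, days_left in expiring_users(parse_credential_report(report), datetime.now(timezone.utc)):
        tags = {t["Key"]: t["Value"] for t in iam.list_user_tags(UserName=user)["Tags"]}
        if "Email" not in tags:
            continue  # no address on record (assumed tag); alert an admin instead if needed
        subject, body = notification(user, days_left)
        ses.send_email(Source=SENDER, Destination={"ToAddresses": [tags["Email"]]},
                       Message={"Subject": {"Data": subject}, "Body": {"Text": {"Data": body}}})
        sent += 1
    return {"notified": sent}


if __name__ == "__main__":
    print(check_report(SAMPLE_REPORT, "2023-05-28T00:00:00+00:00"))  # [('alice', 6)]
```

Schedule the handler daily with an EventBridge rule and keep the execution role to the four IAM/SES actions listed in its docstring; reading the credential report needs no per-user permissions, so the function never touches user passwords or access keys themselves.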

Protect your data from ransomware with S3 Object Lock   #aws, #explain
A plain-language introduction to S3 Object Lock: what it is and how it works.
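A minimal Terraform definition of a bucket that ransomware cannot silently empty, added here as an illustration rather than taken from the article; the bucket name and retention period are placeholders. It shows the three pieces that have to line up: Object Lock enabled at creation, versioning (which Object Lock requires), and a default retention rule.

```hcl
# Added example, not the article's code. Bucket name and retention are placeholders.
resource "aws_s3_bucket" "backups" {
  bucket              = "example-org-backups" # placeholder
  object_lock_enabled = true                  # can only be set when the bucket is created
}

resource "aws_s3_bucket_versioning" "backups" {
  bucket = aws_s3_bucket.backups.id
  versioning_configuration {
    status = "Enabled" # Object Lock protects object versions, so versioning is mandatory
  }
}

resource "aws_s3_bucket_object_lock_configuration" "backups" {
  bucket     = aws_s3_bucket.backups.id
  depends_on = [aws_s3_bucket_versioning.backups]

  rule {
    default_retention {
      # COMPLIANCE: no principal, root included, can delete the version or shorten
      # the retention before it expires. GOVERNANCE would be the weaker choice:
      # anyone holding s3:BypassGovernanceRetention can remove the lock.
      mode = "COMPLIANCE"
      days = 30 # placeholder; pick the longest window you would need to recover
    }
  }
}
```

Two caveats a defender should keep in mind: the default rule only applies to object versions written after it is set, and a locked version can still receive a delete marker, which hides it from a plain listing but leaves the version (and the data) intact until retention expires. Pair this with S3 Block Public Access and a least-privilege writer role, since Object Lock stops destruction, not exfiltration.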

Tampering with Conditional Access Policies Using Azure AD Graph API   #attack, #azure
Modifications made using AADGraph are not properly logged, endangering integrity and non-repudiation of Azure AD policies.

Container security fundamentals part 4: Cgroups   #containers, #explain
A look at how cgroups are used in Linux and container systems.

Terraform check Block   #explain, #terraform
The "check" block has been introduced in the latest pre-release of Terraform (v1.5.0). This allows practitioners to define assertions based on data source values to verify the state of the infrastructure on an ongoing basis.
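Two check blocks that turn the feature into a standing control, added here as an example rather than taken from the post. The first uses a scoped data source (one declared inside the check, so it never becomes part of resource state) against a placeholder health endpoint; the second uses an ordinary AWS data source to confirm the account-level S3 Block Public Access settings have not been switched off out of band. The URL is an assumption; the data source attribute names are those of the hashicorp/http and hashicorp/aws providers.

```hcl
# Added example, not the post's code. Requires Terraform >= 1.5.0 plus the
# hashicorp/http and hashicorp/aws providers; the URL is a placeholder.
terraform {
  required_version = ">= 1.5.0"
}

# 1. Scoped data source: read only for this assertion, evaluated on every
#    plan and apply, never written into resource state.
check "public_endpoint_healthy" {
  data "http" "endpoint" {
    url = "https://app.example.com/healthz" # placeholder
  }

  assert {
    condition     = data.http.endpoint.status_code == 200
    error_message = "${data.http.endpoint.url} returned HTTP ${data.http.endpoint.status_code}, expected 200"
  }
}

# 2. Ordinary data source: detect drift in a security setting that Terraform
#    may not even manage in this root module.
data "aws_s3_account_public_access_block" "account" {}

check "s3_block_public_access_enforced" {
  assert {
    condition = alltrue([
      data.aws_s3_account_public_access_block.account.block_public_acls,
      data.aws_s3_account_public_access_block.account.block_public_policy,
      data.aws_s3_account_public_access_block.account.ignore_public_acls,
      data.aws_s3_account_public_access_block.account.restrict_public_buckets,
    ])
    error_message = "Account-level S3 Block Public Access is not fully enabled."
  }
}
```

The caveat that matters in practice: a failed check is reported as a warning and does not stop the plan or apply, unlike a precondition or postcondition. If you want a failed check to break a pipeline, have the CI step inspect the plan output (or the JSON plan's check results) rather than rely on Terraform's exit code.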

Terraform AWS provider 5.0 adds updates to default tags   #build, #terraform
Version 5.0 of the HashiCorp Terraform AWS provider brings improvements to default tags, allowing practitioners to set tags at the provider level.
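What that looks like in a configuration, as an added example (not from the HashiCorp post); the region, tag values and bucket name are placeholders. Tags set in the provider's default_tags block are applied to every taggable resource the provider creates, and with 5.0 a resource may declare a tag with the same key as a provider default, with the resource-level value winning.

```hcl
# Added example, not the post's code. Region, tag values and bucket name are placeholders.
terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "~> 5.0"
    }
  }
}

provider "aws" {
  region = "eu-west-1" # placeholder

  # Applied to every taggable resource this provider creates. Keeping Owner and
  # Environment here means no resource can be created without them, which is
  # what asset inventories and cost/ownership lookups during an incident rely on.
  default_tags {
    tags = {
      Environment = "prod"
      Owner       = "platform-security"
      ManagedBy   = "terraform"
    }
  }
}

resource "aws_s3_bucket" "audit_logs" {
  bucket = "example-org-audit-logs" # placeholder

  # Resource tags are merged on top of the provider defaults. With provider 5.0
  # the duplicated "Environment" key is allowed and this value overrides the
  # provider-level one; earlier versions rejected the overlap.
  tags = {
    DataClassification = "restricted"
    Environment        = "prod-logs"
  }
}
```

One thing to verify after upgrading: resources that previously carried the defaults only through the provider now show the merged result in the plan, so expect a one-time diff on tags for existing resources rather than an in-place no-op.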


Open-source temporary elevated access solution for AWS IAM Identity Center.

Run recon tools and vulnerability scans in a distributed way in AWS.

An engine for least privilege principle enforcement on GCP cloud.

AWS IAM Policy Generator
A tool which helps crafting AWS IAM Policies and converting them to IaC.

AWS CloudSaga - Simulate security events in AWS.


Machine to Machine Authentication
Summary of an AWS post aiming to help you decide which approach is best to securely connect your applications, either residing on premises or hosted outside of AWS, to your AWS environment when no human interaction comes into play.

From the cloud providers

AWS: TLS inspection configuration for encrypted traffic and AWS Network Firewall
Post looking into the recently launched TLS inspection configuration for ingress inspection architectures and discussing considerations for enabling this feature.

AWS: Exclude cipher suites at the API gateway using a Network Load Balancer security policy
How to use Amazon Elastic Load Balancing (ELB) to apply a more granular control on the cipher suites that are used between clients and servers when establishing an SSL/TLS connection with Amazon API Gateway.

AWS: How to use AWS IAM Access Analyzer API to automate detection of public access to AWS KMS keys
How to use AWS IAM Access Analyzer programmatically to automate the detection of public access to your resources in an AWS account, and how to work with the Access Analyzer API to create an analyzer and call specific API functions from code.

GCP: Cloud Run now supports sidecar deployments: monitoring agents, proxies and more
Google introduced Cloud Run sidecars, allowing you to start independent sidecar containers that run alongside the main container serving web requests.

GCP: How to Use Log Analytics in Cloud Logging to gain deeper network insights
Log Analytics in Cloud Logging lets you search and aggregate network logs to find network trends and anomalies, and troubleshoot networking issues.

Azure: GA Azure API Management Self-hosted gateway authentication using Azure Active Directory
New authentication method for the Self-hosted gateway with the configuration endpoint.

Azure: Public Preview: GitHub Advanced Security for Azure DevOps
Learn how GitHub Advanced Security for Azure DevOps implements code scanning, secret scanning, and dependency scanning in Azure DevOps.

Azure: Public preview: Secrets volume mounts for Azure Container Apps
You can now mount secrets as volumes in Azure Container Apps.


I'm writing a book! 📖
The CloudSec Engineer will be a book on how to enter, establish yourself, and thrive in the cloud security industry as an individual contributor.
You can sign up to get updates and free samples of the book as I write it at:

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

© 2019-present, CloudSecList by Marco Lancini.