Release Date: 11/06/2023 | Issue: 191
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sponsor

JupiterOne: Know What You’re Defending
Perhaps the biggest problem in cybersecurity today is that companies don’t have a good understanding of what they’re defending. JupiterOne solves this foundational issue by collecting everything you own into a single system of record that includes cloud infrastructure, endpoints, DNS, SaaS apps, and more.
It connects the dots using graph-based technologies, allowing you to ask complex Attack Surface Questions, like “Show me all VMware-based systems associated with our crown jewels and that have something facing the internet.”

This week's articles


The Big IAM Challenge   #aws, #iam
A CTF challenge created to boost your AWS IAM knowledge.


Practical Dependency Management for Developers   #build, #ci/cd, #defend, #supply-chain
Some useful tips on wrangling dependencies from someone who worked on large-scale projects, CI/CD, build tools, and more.


7 lesser-known AWS SSM Document techniques for code execution   #attack, #aws
A deep dive into AWS SSM Run Command shows that there are multiple documents attackers can use for executing code remotely on EC2 instances.


Scaling Authorization with Cedar and OPAL   #aws, #build, #iam
A practical tutorial to build a comprehensive Cedar-based application authorization system.


OneDrive to Enum Them All   #attack, #azure, #microsoft
TrustedSec researchers have discovered a OneDrive enumeration vulnerability that could allow an attacker to discover the email addresses of OneDrive users. You can also refer to the companion tool.


Confused Deputy Vulnerability in Cloudflare CASB   #attack, #cloudflare
A vulnerability in Cloudflare CASB that made it possible to view sensitive information about other customers' Microsoft and GitHub organizations. This included employee names/emails, links to SharePoint files, repository names/descriptions and more.


Implementing machine-to-machine authentication for services behind an AWS ALB with OIDC   #aws, #build
A post delving, at a high level, into the possibilities of enforcing machine-to-machine (m2m) authentication using OIDC (OpenID Connect) when utilizing an AWS ALB.


We reported a security issue in AWS CDK's eks.Cluster component   #attack, #aws
Two sleuthing SREs uncovered an AWS security issue. Here's how they found it, why it matters, and what you need to do to resolve it.


Using Cloud Securely: The Config Doom Question   #defend, #strategy
Customers do not know how to configure cloud services securely.

Tools


regal
Regal is a linter for Rego.


azure-iac-workshop-content
Labs to help people learn how to write and work with infrastructure as code in Azure.


jupyter-notebook-for-incident-response
A library of Incident Response notebooks using Jupyter.


sensitive-data-protection-on-aws
A reference implementation that allows you to create data catalogs, and to discover, protect, and visualize sensitive data across multiple AWS accounts.


freedata
A project for free (maybe) egress from EC2 instances using Tailscale and Session Manager.


aws-api-models
A collection of documented and undocumented AWS API models.

Sponsor

If you had one hour, how would you improve your cloud security?
Prioritization and alert fatigue are the industry's two leading problems. CloudDefense.AI is able to reduce false alerts by 90-95% by building a code-to-cloud attack path map. CloudDefense provides personalized vulnerability prioritization based on your cloud deployment (just like Amazon provides you personalized recommendations) so you can get up to 5X the value over other security tools.
Learn More, get the FREE white paper today!

From the cloud providers

Amazon Route 53 now integrates with Amazon GuardDuty threat intelligence
You can now enable a new Managed Domain List on Amazon Route 53 Resolver DNS Firewall, to block domains identified as low-reputation or that are known or suspected to be malicious by Amazon GuardDuty's threat intelligence.


Announcing Container Image Signing with AWS Signer and Amazon EKS
Amazon announced the launch of AWS Signer Container Image Signing, a new capability that gives customers native AWS support for signing and verifying container images stored in container registries like ECR.


Temporary elevated access management with IAM Identity Center
A temporary elevated access management solution that integrates with AWS IAM Identity Center and allows you to manage temporary elevated access to your multi-account AWS environment.


Amazon CloudWatch Logs data protection account level policy configuration
Amazon CloudWatch Logs announces support for account level data protection policy configuration: you can now create a data protection policy that will be applied to all existing and future log groups within your AWS account.


Google Cloud offers customers financial help for cryptomining attacks
Google Cloud now offers Security Command Center Premium customers $1 million of protection against cryptomining attacks.


Announcing general availability of Cloud Firewall threat intelligence and geo-location features
Four new Cloud Firewall features are now generally available, including threat intelligence, geo-location objects, address groups, and local IP ranges.


Introducing Google's Secure AI Framework
Google released the Secure AI Framework to help collaboratively secure AI technology.


Google Workspace Updates: Simplify and strengthen sign-in by enabling passkeys for your users, available now in open beta
Google Workspace is enabling the use of passkeys as a simpler and safer alternative to passwords for signing in to Google Accounts.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present, CloudSecList by Marco Lancini.