Release Date: 25/06/2023 | Issue: 193
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
It's survey time!
Dear readers, I’d like to check in with you and hear your thoughts on CloudSecList, because your feedback holds immense value to me.
I am constantly seeking ways to enhance and improve, which is why I would greatly appreciate it if you could spare a few minutes (< 5) to share your insights through a brief survey.

Your SOC 2 Audit Checklist
Type 1 or Type 2? SOC 2 or ISO 27001? What qualifies as evidence?
These are some of the most commonly asked questions from companies considering a SOC 2 attestation. We’ve compiled a comprehensive guide to demystify the process and help you confidently prepare for a successful audit.
100% of our customers have passed their SOC 2 audit - learn how they did it, and how you can too!

This week's articles

Analyzing Volatile Memory on a Google Kubernetes Engine Node   #gcp, #kubernetes, #monitor
Post explaining in detail how memory analysis works and how it can be used on any GKE node in production today.

Implement DevSecOps to Secure your CI/CD pipeline   #ci/cd, #defend
A thorough introduction which provides a step-by-step guide to implementing DevSecOps in a CI/CD pipeline.

AWS CloudTrail cheat sheet   #aws, #monitor
An attempt to document CloudTrail events that are "interesting" for incident responders or detection engineers.

A less suspect way to get external IP's, thanks to Cloudflare   #attack, #cloudflare
You can use any Cloudflare protected site to retrieve your external IP address, thanks to a script offered by the CDN.

CloudGoat Vulnerable Lambda Scenario - Part 2 (Response)   #attack, #aws, #defend
As an incident responder, walk through how we can investigate and resolve an ongoing attack targeting CloudGoat's vulnerable Lambda scenario.

Erosion of Trust: Unmasking Supply Chain Vulnerabilities in the Terraform Registry   #attack, #terraform
Unlike providers, modules do not benefit from the cryptographic guarantee provided by the Dependency Lock File, resulting in potential security threats.

Kubernetes Security Basics Series: Part II - Container Security   #containers, #defend
Containers share the same kernel and potential vulnerabilities can pose risks to the host and other containers. Implementing security measures like namespace partitioning, control groups, seccomp, AppArmor, SELinux, and vulnerability scanning can help mitigate these risks.

nOAuth: How Microsoft OAuth Misconfiguration Can Lead to Full Account Takeover   #attack, #azure
An implementation flaw discovered in Microsoft Azure AD OAuth applications that, when exploited, could lead to full account takeover.

Bringing Transparency to Confidential Computing with SLSA   #announcement, #supply-chain
Google's Project Oak is a research effort that relies on the confidential computing paradigm to build an infrastructure for processing sensitive user data in a secure and privacy-preserving way.

Vault 1.14 brings ACME for PKI, AWS roles, and more improvements   #announcement, #hashicorp, #vault
HashiCorp Vault 1.14 includes the Vault Secrets Operator GA, ACME PKI, and a new OpenLDAP secrets engine.

The principle of minimalism   #strategy
The principle of minimalism in engineering, where your default should be the lowest-common denominator of what you actually need.


Escalate your SSRF vulnerabilities on Modern Cloud Environments.

Automated Audit Log Forensic Analysis for Google Workspace
You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework.

A threat modeling tool to help reduce time-to-value when threat modeling.

An AI-powered tool for discovering privilege escalation opportunities in AWS IAM configurations.


Prevent cyberattacks from hurting your business with NordPass, a password manager designed by the team behind NordVPN. It's the only password manager using the XChaCha20 encryption algorithm, considered the future of encryption. NordPass Business has been audited by Cure53 and is ISO 27001 and SOC 2 Type 1 certified.

NordPass is an intuitive tool that your employees will actually use. And that's ideal because password managers work their best magic when everyone in the company uses them. But if your team needs help, NordPass offers tech support 24/7.
Get started with a 14-day free trial

From the cloud providers

Policy-based access control in application development with Amazon Verified Permissions
Post exploring policy-based access control (PBAC) and how it can be used in application development using Amazon Verified Permissions.

AWS announces Software Bill of Materials export capability in Amazon Inspector
Amazon Inspector now offers the ability to export a consolidated Software Bill of Materials (SBOM) for all Amazon Inspector-monitored resources across your organization, in industry-standard formats including CycloneDX and SPDX.

AWS IAM now supports FIDO2 for multi-factor authentication in AWS GovCloud (US) Regions
This new capability expands the existing MFA functionality by introducing additional options such as FIPS-validated security keys.

Introducing client authentication with Mutual TLS on Google Cloud Load Balancing
With support for front-end mutual TLS (mTLS), you can now offload client certificate authentication using External HTTPS Load Balancing.

What's new in Assured Workloads: Region expansion, TLS version restrictions, new supported services
New features and services come to Assured Workloads, which can help organizations achieve and maintain compliance around the world without refactoring.

Cloud Architect Accelerated Learning Path for AWS professionals
This learning path helps AWS professionals translate their existing AWS knowledge to Google Cloud knowledge, while also preparing them for the Professional Google Cloud Architect Certification.

Google Cloud CDMC Reference Architecture
This guide provides the detailed instructions and technical artefacts required to stand up a Google Cloud architecture compliant with the 14 Controls of the EDMCouncil Cloud Data Management Capabilities (CDMC).

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!



© 2019-present, CloudSecList by Marco Lancini.