Release Date: 02/07/2023 | Issue: 194
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Introducing the "Jobs" Section! As pre-announced on Twitter, I am introducing a new section in the newsletter: Jobs! Looking for a job? Looking to hire? Check out the new Jobs section below!
The NSA and CISA are releasing a cybersecurity information sheet to provide recommendations and best practices for improving defenses in cloud implementations of development, security, and operations (DevSecOps).
#ci/cd #defend
Reduce the size of your Kubernetes containers to reduce security vulnerabilities CVE. Some tools to make this happen: Chainguard Apko and Melange, Buildpacks.io, WolfiOS.
#build #containers #kubernetes
The article discusses the importance of using Terraform lockfiles. It explains how lockfiles work, why they are necessary, and provides practical examples on how to use them effectively in Terraform projects.
#explain #terraform
While doing research on Microsoft SQL (MSSQL) Server, a GoSecure ethical hacker found an unorthodox design choice that ultimately led to a web application firewall (WAF) bypass.
#attack #aws
Sponsor
Teleport Assist: AI-powered conversation with your infrastructure Teleport Assist utilizes GPT-4 to answer questions, bring insights, perform operations and request access to your infrastructure using natural language. Teleport Assist can act as an assistant, running playbook and queries with your permissions. Try Teleport Assist for free for 14 days with Teleport Team
EarlyBird is a sensitive data detection tool capable of scanning source code repositories for clear text password violations, PII, outdated cryptography methods, key files and more.
A fully managed service that aggregates and normalizes security data across SaaS applications to improve observability and help reduce operational effort and cost with no integration work necessary.
The interface is designed to streamline the security management of your GKE clusters, and now includes a range of powerful features such as misconfiguration detection and vulnerability scanning.
New and existing Google Cloud customers can migrate their sensitive data to the cloud with greater confidence thanks to the newly CDMC-certified architecture.