Release Date: 09/07/2023 | Issue: 195
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

JupiterOne: Know What You’re Defending
Perhaps the biggest problem in cybersecurity today is that companies don’t have a good understanding of what they’re defending. JupiterOne solves this foundational issue by collecting everything you own into a single system of record that includes cloud infrastructure, endpoints, DNS, SaaS apps, and more.
It connects the dots using graph-based technologies, allowing you to ask complex Attack Surface Questions, like “Show me all VMware-based systems associated with our crown jewels and that have something facing the internet.”

This week's articles


Kubernetes logging best practices
Post discussing Kubernetes logging and the best practices for logging in a Kubernetes environment.   #explain   #kubernetes   #monitor


What's New in AWS Certified Security Specialty SCS-C02 Exam in 2023?
The AWS Security Specialty Exam (SCS-C01) got a makeover and will be retiring next week. The new and improved SCS-C02, updated with new content and an added domain, is now available.   #aws   #explain


Sometimes What Sounds Benign Can Bite You: An Unexpected Implication of Lambda Privileges
Granting a user the unconstrained permission to update Lambda function code in an AWS account can have unexpected, possibly severe, consequences under certain conditions that might not be obvious on first pass.   #attack   #aws   #iam


Cedar: Avoiding the cracks
More and more engineers are considering integrating Cedar into their own systems for authorization, but what do policy authors need to consider to avoid unexpected outcomes?   #aws   #explain   #iam


Threat Alert: Anatomy of Silentbob's Cloud Attack
AquaSec identified infrastructure in early stages of testing and deployment of a cloud worm, designed to deploy on exposed JupyterLab and Docker APIs.   #attack   #containers


So you want to check image signatures in Kubernetes?
Five problems you'll likely encounter when trying to verify signatures at deployment time in Kubernetes.   #defend   #kubernetes


Securing CI/CD Pipelines with 1Password Service Accounts
1Password announced that 1Password Service Accounts are now generally available. Service accounts offer a secure, automated way to access infrastructure secrets from CI/CD workflows.   #announcement   #ci/cd


Confidential Kubernetes: Use Confidential Virtual Machines and Enclaves to improve your cluster security
Post introducing the concept of Confidential Computing (CC) to improve any computing environment's security and privacy properties, especially Kubernetes.   #explain   #kubernetes


Open-sourcing sysgrok - An AI assistant for analyzing, understanding, and optimizing systems
Elastic introduces sysgrok, a research prototype investigating how large language models (LLMs) can be applied to problems in the domains of performance optimization, root cause analysis, and systems engineering.   #announcement

Sponsor

Is your CNAPP tool generating many false alerts that your team can't keep up with? If you have 15 minutes, see how CloudDefense.AI can eliminate false alerts by 90-95% by building a code-to-cloud personalized attack path. We have helped companies like Shell, London Stock Exchange, and hundreds more Fortune 500 companies.
Strengthen your business's security today with our exclusive offer: get $50K worth of credit towards our Cloud Security solution and a free cybersecurity check.
Get a FREE Cybersecurity Check

Tools


onepassword-operator
The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes Secrets with 1Password.


scout-action
GitHub Action to run the Docker Scout CLI as part of your workflows.


renovate-config
Sharable Config Presets for Renovatebot.


jit-access
An AppEngine application that lets you manage just-in-time privileged access to Google Cloud projects.


selefra
A policy-as-code tool that provides analysis for Multi-Cloud and SaaS environments.

From the cloud providers


#AWS   Three ways to accelerate incident response in the cloud: insights from re:Inforce 2023
Three ways to improve incident response in the cloud, based on insights from the AWS re:Inforce 2023 conference. The strategies include automating response processes, leveraging cloud-native tools, and adopting a proactive approach to security.


#AWS   IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)
Post discussing S3 Bucket Policies, IAM Policies, and their different use cases.


#AWS   Amazon GuardDuty EKS Runtime Monitoring expands operating systems and processor support
The Amazon GuardDuty EKS Runtime Monitoring eBPF security agent now supports EKS workloads that use the Bottlerocket operating system, AWS Graviton processors, and AMD64 processors.


#GCP   Configuring Workload Identity Federation for GitHub actions and Terraform Cloud
Workload Identity Federation can be integrated with external providers, such as GitLab, GitHub Actions and Terraform Cloud.


#AZURE   Public Preview: Ingest events from Azure Event Hubs to Azure Monitor Logs
You can now ingest data directly from an event hub into a Log Analytics workspace.


#AZURE   Public Preview: Azure Monitor Logs improved table-level RBAC
Table-level access allows you to let specific people read data only from a specific set of tables. It applies both for workspace-context and resource-context.


#AZURE   Public preview: Sensitive Data Protection for Application Gateway Web Application Firewall logs
Protect the sensitive data getting stored in your Web Application Firewall (WAF) logs using log scrubbing on Azure's regional Web Application Firewall running on Application Gateway.


#AZURE   Public preview: Azure Virtual Network encryption
Azure Virtual Network encryption allows you to seamlessly encrypt and decrypt traffic between Azure Virtual Machines.

Jobs

Hiring? Feature your listings below - reach out now at [email protected]

Sr. Cloud Security Engineer - Robinhood
Robinhood Platform Security is looking for a cloud security domain expert to build security controls on AWS.


Staff Cloud Security Engineer - 1Password
In this role, you will collaborate cross-functionally with teams across the company to design and build infrastructure, technical controls, and programs that strengthen our security and privacy practices.


Cloud Security Architect - KPMG Australia
KPMG currently have opportunities for Consultants to Directors across their Cyber Cloud Security Architect & Cyber Defence divisions.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini