Release Date: 09/07/2023 | Issue: 195
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

JupiterOne: Know What You’re Defending
Perhaps the biggest problem in cybersecurity today is that companies don’t have a good understanding of what they’re defending. JupiterOne solves this foundational issue by collecting everything you own into a single system of record that includes cloud infrastructure, endpoints, DNS, SaaS apps, and more.
It connects the dots using graph-based technologies, allowing you to ask complex Attack Surface Questions, like “Show me all VMware-based systems associated with our crown jewels and that have something facing the internet.”

This week's articles

Kubernetes logging best practices   #explain, #kubernetes, #monitor
Post discussing Kubernetes logging and the best practices for logging in a Kubernetes environment.

What's New in AWS Certified Security Specialty SCS-C02 Exam in 2023?   #aws, #explain
The AWS Security Specialty Exam (SCS-C01) got a makeover and will be retiring next week. The new and improved SCS-C02, updated with new content and an added domain, is now available.

Sometimes What Sounds Benign Can Bite You: An Unexpected Implication of Lambda Privileges   #attack, #aws, #iam
Granting a user the unconstrained permission to update Lambda function code in an AWS account can have unexpected, possibly severe, consequences under certain conditions that might not be obvious on first pass.

Cedar: Avoiding the cracks   #aws, #explain, #iam
More and more engineers are considering integrating Cedar into their own systems for authorization, but what do policy authors need to consider to avoid unexpected outcomes?

Threat Alert: Anatomy of Silentbob's Cloud Attack   #attack, #containers
AquaSec identified infrastructure in the early stages of testing and deployment of a cloud worm, designed to deploy on exposed JupyterLab and Docker APIs.

So you want to check image signatures in Kubernetes?   #defend, #kubernetes
Five problems you'll likely encounter when trying to verify signatures at deployment time in Kubernetes.

Securing CI/CD Pipelines with 1Password Service Accounts   #announcement, #ci/cd
1Password announced that 1Password Service Accounts are now generally available. Service accounts offer a secure, automated way to access infrastructure secrets from CI/CD workflows.

Confidential Kubernetes: Use Confidential Virtual Machines and Enclaves to improve your cluster security   #explain, #kubernetes
Post introducing the concept of Confidential Computing (CC) to improve any computing environment's security and privacy properties, especially Kubernetes.

Open-sourcing sysgrok - An AI assistant for analyzing, understanding, and optimizing systems   #announcement
Elastic introduces sysgrok, a research prototype investigating how large language models (LLMs) can be applied to problems in the domains of performance optimization, root cause analysis, and systems engineering.


The 1Password Connect Kubernetes Operator provides the ability to integrate Kubernetes Secrets with 1Password.

GitHub Action to run the Docker Scout CLI as part of your workflows.

Sharable Config Presets for Renovatebot.

An AppEngine application that lets you manage just-in-time privileged access to Google Cloud projects.

A policy-as-code tool that provides analysis for Multi-Cloud and SaaS environments.


Is your CNAPP tool generating many false alerts that your team can't keep up with? If you have 15 minutes, see how CloudDefense.AI can eliminate false alerts by 90-95% by building a code-to-cloud personalized attack path. We have helped companies like Shell, London Stock Exchange, and hundreds more Fortune 500 companies.
Strengthen your business's security today with our exclusive offer: get $50K worth of credit towards our Cloud Security solution and a free cybersecurity check.

From the cloud providers

AWS - Three ways to accelerate incident response in the cloud: insights from re:Inforce 2023
Three ways to improve incident response in the cloud, based on insights from the AWS re:Inforce 2023 conference. The strategies include automating response processes, leveraging cloud-native tools, and adopting a proactive approach to security.

AWS - IAM Policies and Bucket Policies and ACLs! Oh, My! (Controlling Access to S3 Resources)
Post discussing S3 Bucket Policies, IAM Policies, and their different use cases.

AWS - Amazon GuardDuty EKS Runtime Monitoring expands operating systems and processor support
The Amazon GuardDuty EKS Runtime Monitoring eBPF security agent now supports EKS workloads that use the Bottlerocket operating system, AWS Graviton processors, and AMD64 processors.

GCP - Configuring Workload Identity Federation for GitHub Actions and Terraform Cloud
Workload Identity Federation can be integrated with external providers, such as GitLab, GitHub Actions and Terraform Cloud.

Azure - Public Preview: Ingest events from Azure Event Hubs to Azure Monitor Logs
You can now ingest data directly from an event hub into a Log Analytics workspace.

Azure - Public Preview: Azure Monitor Logs improved table-level RBAC
Table-level access allows you to let specific people read data only from a specific set of tables. It applies to both workspace-context and resource-context access.

Azure - Public preview: Sensitive Data Protection for Application Gateway Web Application Firewall logs
Protect the sensitive data stored in your Web Application Firewall (WAF) logs using log scrubbing on Azure's regional Web Application Firewall running on Application Gateway.

Azure - Public preview: Azure Virtual Network encryption
Azure Virtual Network encryption allows you to seamlessly encrypt and decrypt traffic between Azure Virtual Machines.


Hiring? Feature your listings below - reach out now at [email protected]

Sr. Cloud Security Engineer - Robinhood
Robinhood Platform Security is looking for a cloud security domain expert to build security controls on AWS.

Staff Cloud Security Engineer - 1Password
In this role, you will collaborate cross-functionally with teams across the company to design and build infrastructure, technical controls, and programs that strengthen our security and privacy practices.

Cloud Security Architect - KPMG Australia
KPMG currently has opportunities, from Consultant to Director level, across its Cyber Cloud Security Architect and Cyber Defence divisions.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!



© 2019-present, CloudSecList by Marco Lancini.