Release Date: 09/07/2023 | Issue: 195
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor
JupiterOne: Know What You’re Defending
Perhaps the biggest problem in cybersecurity today is that companies don’t have a good understanding of what they’re defending. JupiterOne solves this foundational issue by collecting everything you own into a single system of record that includes cloud infrastructure, endpoints, DNS, SaaS apps, and more. It connects the dots using graph-based technologies, allowing you to ask complex Attack Surface Questions, like “Show me all VMware-based systems associated with our crown jewels and that have something facing the internet.”
The AWS Security Specialty Exam (SCS-C01) got a makeover and will be retiring next week. The new and improved SCS-C01, updated with new content and an added domain, is now available.
#aws #explain
Granting a user the unconstrained permission to update Lambda function code in an AWS account can have unexpected, possibly severe, consequences under certain conditions that might not be obvious on first pass.
#attack #aws #iam
More and more engineers are considering integrating Cedar into their own systems for authorization, but what do policy authors need to consider to avoid unexpected outcomes?
#aws #explain #iam
AquaSec identified infrastructure in early stages of testing and deployment of a cloud worm, designed to deploy on exposed JupyterLab and Docker APIs.
#attack #containers
1Password announced that 1Password Service Accounts are now generally available. Service accounts offer a secure, automated way to access infrastructure secrets from CI/CD workflows.
#announcement #ci/cd
Post introducing the concept of Confidential Computing (CC) to improve any computing environment's security and privacy properties, especially Kubernetes.
#explain #kubernetes
Elastic introduces sysgrok, a research prototype investigating how large language models (LLMs) can be applied to problems in the domains of performance optimization, root cause analysis, and systems engineering.
#announcement
Sponsor
Is your CNAPP tool generating many false alerts that your team can't keep up with? If you have 15 minutes, see how CloudDefense.AI can eliminate false alerts by 90-95% by building a code-to-cloud personalized attack path. We have helped companies like Shell, London Stock Exchange, and hundreds more Fortune 500 companies. Strengthen your business's security today with our exclusive offer: get $50K worth of credit towards our Cloud Security solution and a free cybersecurity check.
Three ways to improve incident response in the cloud, based on insights from the AWS re:Inforce 2023 conference. The strategies include automating response processes, leveraging cloud-native tools, and adopting a proactive approach to security.
The Amazon GuardDuty EKS Runtime Monitoring eBPF security agent now supports EKS workloads that use the Bottlerocket operating system, AWS Graviton processors, and AMD64 processors.
Table-level access lets you allow specific people to read data only from a specific set of tables. It applies to both workspace-context and resource-context.
Protect the sensitive data stored in your Web Application Firewall (WAF) logs using log scrubbing on Azure's regional Web Application Firewall running on Application Gateway.
In this role, you will collaborate cross-functionally with teams across the company to design and build infrastructure, technical controls, and programs that strengthen our security and privacy practices.