Release Date: 08/09/2019 | Issue: 2
The Cloud Security Reading List is a low-volume mailing list (once per week) that highlights security-related news focused on the cloud native landscape, hand curated by Marco Lancini.

This week's articles


Kubernetes Pod Escape Using Log Mounts
How a pod running as root and with a mount point to the node's /var/log directory can expose the entire contents of its host filesystem to any user who has access to its logs. Also interesting for understanding how 'kubectl logs' works.


DNS Spoofing on Kubernetes Clusters
How an attacker who manages to run malicious code on a cluster can successfully spoof DNS responses to all the applications running on the cluster, and from there execute a MITM attack on all network traffic of pods.


Gaining Persistency on Vulnerable Lambdas
How an attacker can persist on a vulnerable Lambda instance and gain access to other invocations. The post comes with the release of a companion tool.


Adopting Istio for a multi-tenant kubernetes cluster in Production
A company's experience with Istio, highlighting their adoption strategy and overall journey so far.


Network Architecture Design for Microservices on GCP
A nice post that focuses on how to design a microservices network architecture on GCP.


GSuite user & groups now in Cartography
If you haven't used Cartography yet, I highly recommend taking a look at it.


Did you know that the Kubernetes community has a set of icons in their GitHub repo?
These icons are a way to standardize Kubernetes architecture diagrams for presentations.

Copyright © 2019-present The Cloud Security Reading List.