Release Date: 03/09/2023 | Issue: 203
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, you can sign up at cloudseclist.com.
Sponsor CloudSecList

Sponsorship reservations for 2024 are now available!
If you want to get your company or product in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune 500 and FAANG, you can find out more at
↪ cloudseclist.com/sponsor

This week's articles


Getting into AWS cloud security research   #strategy
How to start doing AWS security research. What you need to learn, who you should learn from, and what you should think about along the way while not actually doing research.


Build your own SLSA 3+ provenance builder on GitHub Actions   #build, #ci/cd, #supply-chain
Thanks to the "Bring Your Own Builder" framework, it's now possible for maintainers of existing GitHub Actions to start producing SLSA Level 3 provenance attestations.


Authorizing cross-account KMS access with aliases   #aws, #build
KMS aliases are a great way to make KMS keys more convenient. But permitting one account to use a KMS key in another account through a KMS alias can be difficult. This article explains why, and how to solve the problem correctly.


Falco-bypasses   #attack, #falco
Research on various techniques to bypass the default Falco ruleset.


How to Detect When an Azure Guest User Account Is Being Exploited   #attack, #azure
In Azure environments, guest users are the go-to option when giving access to a user from a different tenant. However, left unmonitored, this can prove to be a costly mistake.


5 Tips to prevent or limit the impact of an incident in Azure   #azure, #defend
Five low-cost, easy-to-implement, high-impact measures to prevent or limit the impact of an incident in Azure: set up budget quotas, restrict app registration, prevent subscriptions from entering your tenant, ingest audit logging, and limit external collaboration.


Grafana security update: GPG signing key rotation   #attack
Grafana's GPG signing keys have been exposed and rotated. If you are a Grafana user, be sure to update the trusted signing key you use to verify packages.


Verifying images in a private Amazon ECR with Kyverno and IAM Roles for Service Accounts (IRSA)   #aws, #build, #containers
Applications, such as Kyverno, running within a Pod's containers can utilize the AWS SDK to make API requests to AWS services by leveraging AWS Identity and Access Management (IAM) permissions.

Tools


stratus-red-team v2.9.0
Stratus Red Team now features 3 attack techniques to simulate ransomware activity.


cedar-flask-demo
A demo to show how you can use Cedar in Python, with a simple Flask based web application.


XMGoat
Terraform templates that help you learn about common Azure security issues. Each template is a vulnerable environment, with some significant misconfigurations.


power-pwn
An offensive and defensive security toolset for Microsoft 365 Power Platform.


k8s-network-policy-migrator
K8s Network Policy Migrator is a tool to migrate Calico or Cilium custom network policies to Kubernetes native network policy.

Sponsor

Applying the Principles of Zero Trust to SSH
Zero Trust security strategies are essential for managing the security threats of today's complex, highly distributed infrastructures. In this brief article, learn how you can securely access resources in cloud-native, hybrid cloud, or legacy environments without broad, static rights, using the right tools, while keeping the user experience the same or making it better.

From the cloud providers


AWS: Improve your security investigations with Detective finding groups visualizations
Post showing how Detective automatically consolidates multiple security findings into a single security event, and how finding groups visualizations help reduce noise and prioritize findings that present true risk.


AWS: Validate IAM policies by using IAM Policy Validator for AWS CloudFormation and GitHub Actions
How to automate the validation of IAM policies by using a combination of the IAM Policy Validator for AWS CloudFormation (cfn-policy-validator) and GitHub Actions.


GCP: New AI capabilities that can help address your security challenges
At Next'23, Google announced new security features of Duet AI, along with enhancements across its security operations and cloud platforms.


GCP: Shifting down: a new way to cloud for developers
Google is introducing a new way to cloud for developers that favors "shifting down" over "shifting left", for a cloud experience that is easy, fast, and secure.


GCP: Introducing Mandiant Hunt for Chronicle to help you uncover hidden threats in real-time
Announced at Next'23, Mandiant Hunt integrates frontline intelligence and expertise into Chronicle Security Operations to search for undetected attacks.


Azure: Proactively secure your AWS Cloud Resources with Microsoft Defender for Cloud
Post walking through a few scenarios of misconfigured AWS Cloud resources and how Microsoft Defender for Cloud can help proactively identify misconfigurations, allowing security teams to prevent risks and remediate quickly.


Azure: Defender for APIs Better Together with WAF and APIM
Post diving into how Defender for APIs augments the security offered by Azure Web Application Firewall (Azure WAF) and Azure API Management (APIM).


Azure: Public Preview: Azure Container Apps supports environment level mTLS encryption
You can now encrypt traffic transmitted between applications within an environment using mTLS.

Jobs

Hiring? Feature your listings below - reach out now at [email protected]

Principal DevSecOps Engineer - Accenture Federal Services
AFS is seeking a Principal DevSecOps Engineer to be responsible for building and setting up new development tools and infrastructure utilizing knowledge in continuous integration, delivery, and deployment (CI/CD), Cloud technologies, Container Orchestration and Security.


Sr Principal Software Engineer - Palo Alto Networks
Palo Alto is looking to grow their Cloud Security/Virtualization team, tasked with building their next-generation cloud security offerings on public and private cloud.


Cloud Security Engineer - Rackspace
Rackspace Cyber Defence is looking for an India-based Security Engineer, with a specialism in Cloud Security, to support Rackspace's strategic customers.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present, CloudSecList by Marco Lancini.