Release Date: 10/09/2023 | Issue: 204
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.


JupiterOne: Know What You’re Defending
Perhaps the biggest problem in cybersecurity today is that companies don’t have a good understanding of what they’re defending. JupiterOne solves this foundational issue by collecting everything you own into a single system of record that includes cloud infrastructure, endpoints, DNS, SaaS apps, and more.
It connects the dots using graph-based technologies, allowing you to ask complex Attack Surface Questions, like “Show me all VMware-based systems associated with our crown jewels and that have something facing the internet.”

This week's articles

Strategies for the Integration of Software Supply Chain Security in DevSecOps CI/CD Pipelines   #strategy, #supply-chain
This document from NIST focuses on actionable measures to integrate the various building blocks of software supply chain (SSC) security assurance into CI/CD pipelines, preparing organizations to address SSC security in the development and deployment of their cloud-native applications.

Leveraging VSCode Extensions for Initial Access   #attack
The article discusses how to use VSCode extensions for initial access during security assessments. It provides examples of extensions that can be leveraged for reconnaissance, exploitation, and post-exploitation activities, highlighting their capabilities and potential risks.

Cloud Detection and Response Needs To Break Down Boundaries   #defend, #monitor
The attack patterns of the modern-day threat actor are changing, as they are able to traverse across multiple environments in the cloud. CDR needs to keep up.

7 Ways to Escape a Container   #attack, #containers
Post delving into seven common container escape techniques, shedding light on the essential configurations and minimal Linux capabilities required for each method.

Unpinnable Actions: How Malicious Code Can Sneak into Your GitHub Actions Workflows   #attack, #ci/cd
Action pinning doesn't always offer security. Understand the risks stemming from the GitHub Actions ecosystem and learn how to avoid compromise of your CI/CD pipeline.

New Attack Vector In The Cloud: Attackers caught exploiting Object Storage Services   #attack
Security Joes' Incident Response team recently became aware of a set of relatively new CVEs that were released at the end of March 2023. Surprisingly, these vulnerabilities have received little to no media coverage regarding their ease of exploitation and the potential security implications they pose to any cluster running a non-native object storage.

Certified-Kubernetes-Security-Specialist   #explain, #kubernetes
Curated resources to help you prepare for the CNCF CKS "Kubernetes Certified Security Specialist" Certification exam.

Lessons from Recent Social Engineering Attacks on Okta Super Admin Accounts   #defend, #iam
Post exploring the latest Okta security incidents and explaining how to fortify your IAM system against social engineering attacks.


Generates runbooks for GuardDuty findings. You can also refer to the companion blog post.

Scripts and IaC to create a ransomware resilient AWS Backup System. You can also refer to the companion blog post.

Buzzer is a fuzzer toolchain that allows you to write eBPF fuzzing strategies.

A utility to safely generate malicious network traffic patterns and evaluate controls.

Uses the AWS Cloud Control API to list resources that are present in a given AWS account and region(s).


Opal – Modern Identity Security
Opal is designed to give teams the building blocks for identity-first security: view authorization paths, manage risk, and seamlessly apply intelligent policies built to grow with your organization.

Opal is used by best-in-class security teams today, such as Blend, Databricks, Exelixis, Figma, Scale AI, and more. There is no one-size-fits-all when it comes to access, but Opal provides the data foundation to scale least privilege the right way.

From the cloud providers

Discover the benefits of AWS WAF advanced rate-based rules
Post explaining these new AWS WAF feature enhancements and how you can use alternative request attributes to create more robust and granular sets of rules.

Establishing a data perimeter on AWS: Allow access to company data only from expected networks
Post explaining the elements needed to build the network perimeter, including policy examples and strategies on how to extend that perimeter.

How to enforce DNS name constraints in AWS Private CA
Post walking step-by-step through the process of applying DNS name constraints to a subordinate CA by using the AWS Private CA service.

Two real-life examples of why limiting permissions works: Lessons from AWS CIRT
Post exploring two examples where limiting privilege provided positive results during a security event.

Automatically detect and block low-volume network floods
How to deploy a solution that uses Lambda to automatically manage the lifecycle of VPC Network Access Control List (ACL) rules to mitigate network floods detected using CloudWatch Logs Insights and Amazon Timestream.

Azure Firewall: Explicit Proxy is now in public preview
This configuration allows traffic from the sending application to be directed to the private IP address of the firewall, facilitating direct egress from the firewall without the need for a UDR.

Public Preview: Azure Log Alerts support for Azure Resource Graph (ARG)
Azure is now introducing support for running queries on Azure Resource Graph (ARG) tables as well, and even for joining Azure Resource Graph (ARG) data sources with data from your Log Analytics workspace and Application Insights resources in a single query.

Generally Available: Azure Monitor VM Insights using Azure Monitor Agent
VM Insights using Azure Monitor Agent provides various benefits, such as cost savings, a simplified management experience, and enhanced security and performance.

Announcing Notation Azure Key Vault plugin v1.0 for signing container images
The Notary Project is being adopted by Azure Key Vault.


Hiring? Feature your listings below - reach out now at [email protected]

Staff Security Engineer, Detection and Response - Robinhood
Robinhood is looking for people to join their team, which specializes in detection engineering, automation, and incident response.

Cloud Security Architect - H&M Group
As a Cloud Security Architect at H&M Group, you will play a critical role in ensuring the security and compliance of their Azure platform.

SSE/Staff Site Reliability Engineer - Zscaler
Zscaler is looking for Engineers to work across their cloud-based products and a tech stack comprising Kubernetes, AWS, Terraform, and Ansible.

Cloud Security - Fannie Mae
Fannie Mae is looking for engineers to work on the development of processes and procedures for designing and implementing components of technological structures.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!



© 2019-present, CloudSecList by Marco Lancini.