Release Date: 24/09/2023 | Issue: 206
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Ever Wondered Who Still Has Access to Your Tools Post-Offboarding?
Mismanaged exits have led to breaches in 20% of businesses. While SaaS tools like Atlassian and Slack might be on your radar, it's the unexpected ones in Shadow IT that can catch you off guard. Resmo provides a comprehensive sweep, ensuring no access is left unchecked.
๐Ÿ‘‰ Don't let oversight be your downfall. Start securing your SaaS stack.

This week's articles


How to Rotate Leaked API Keys
A collection of API key rotation tutorials for AWS, GCP, GitHub , and more.   #aws   #azure   #ci/cd   #defend   #gcp


Source Code Management Platform Configuration Best Practices
Guide exploring the best practices for securing GitHub and GitLab, covering topics that include user authentication, access control, permissions, monitoring, and logging.   #ci/cd   #defend


When MFA isn't actually MFA
Retool experienced a security breach due to a spear phishing attack in August 2023. Attackers used social engineering tactics, compromising an employee's Google Authenticator, which exposed multi-factor authentication (MFA) codes.   #attack   #saas


AWS's Hidden Threat: AMBERSQUID Cloud-Native Cryptojacking Operation
The Sysdig Threat Research Team (TRT) has uncovered a novel cloud-native cryptojacking operation which they've named AMBERSQUID. This operation leverages AWS services not commonly used by attackers, such as AWS Amplify, AWS Fargate, and Amazon SageMaker.   #attack   #aws


The MGM Breach and the Role of IdP in Modern Cyber Attacks
A deep dive into the recent MGM breach and some insights into the actor behind the attack and possible mitigations.   #attack   #iam   #saas


38TB of data accidentally exposed by Microsoft AI researchers
Wiz Research found a data exposure incident on Microsoft's AI GitHub repository, including over 30,000 internal Microsoft Teams messages - all caused by one misconfigured SAS token.   #attack   #azure


Security flaws in an SSO plugin for Caddy
The Trail of Bits team identified 10 security vulnerabilities within the caddy-security plugin for the Caddy web server that could enable a variety of high-severity attacks in web applications, including client-side code execution, OAuth replay attacks, and unauthorized access to resources.   #attack


Ransomware Strikes Azure Storage: Are You Ready?
Post discussing Azure Storage Accounts, pointing out forensic artifacts in Azure that can help investigate ransomware attacks, and offering methods for attack detection.   #attack   #azure   #defend


Maintaining persistence via Shared sessions on Cloud Workstations
When an owner initiates a session and performs actions like gcloud auth login, the session state persists, shared across multiple users accessing the workstation through the same URL. This means that any user with access to the workstation can view and interact with the session artifacts created by the owner.   #attack   #gcp


Passkeys are generally available on GitHub
All GitHub.com users can now register a passkey to sign in without a password.   #announcement   #ci/cd

Sponsor

CNAPP for Dummies
Wiz partnered with Wiley to create the Cloud Native Application Protection Platform (CNAPP) for Dummies eBook. This free 48-page PDF includes everything you *need* to know to secure the changing landscape of cloud-native applications and protect your cloud environment today. Youโ€™ll learn:
  • The fundamentals of cloud-native security
  • Powerful tactics to strengthen security measures
  • Best practices for getting started
  • Techniques to shift security up the pipeline (and ahead of threats)
  • 10 strategies for maximizing the potential of your CNAPP
Get your free guide here.

Tools


iamlive
Iamlive, which generates least privilege roles by intercepting network calls to your cloud environment, now supports also Azure and GCP.


cap
A collection of authentication Go packages related to OIDC, JWKs, Distributed Claims, LDAP.


dockle
Container image linter for security.


pmv
PMV is a tiny utility for working with the 1password CLI.


aws-customer-playbook-framework
A repository providing sample templates for security playbooks against various scenarios when using AWS.

From the cloud providers


#AWS   Manage roles and entitlements with PBAC using Amazon Verified Permissions
Post covering roles and entitlements, how they are applicable in apps authorization decisions, how customers implement roles and authorization in their app today, and how to shift to a centralized PBAC model by using Amazon Verified Permissions.


#AWS   How to implement cryptographic modules to secure private keys used with IAM Roles Anywhere
How you can use PKCS #11-compatible cryptographic modules, such as YubiKey 5 Series and Thales ID smart cards, with your on-premises servers to securely store private keys.


#GCP   Introducing the unified Chronicle Security Operations platform
Chronicle's latest update unifies our SOAR and SIEM solutions, integrates Mandiant's attack surface management technology, and offers more robust application of threat intelligence.


#GCP   Managed service egress with Private Service Connect interfaces
New PSC interfaces allow a service producer to access a consumer's network, while maintaining the separation of producer and consumer roles.


#GCP   Go from logs to security insights faster with Dataform and Community Security Analytics
The open-source Community Security Analytics (CSA) provides pre-built queries and reports you can use on top of Log Analytics powered by BigQuery.


#GCP   Manage infrastructure with Workload Identity Federation and Terraform Cloud
Terraform Cloud workspaces integrate with Workload Identity Federation to authenticate and then impersonate Google Cloud service accounts.


#AZURE   Authenticate Azure Monitor logs connector in Logic App with managed identity
When you enable managed identity authentication in Logic App and grant it permissions in Log Analytics workspace or Application Insights component, you can query data without needing to provide credentials, secrets, or Azure AD tokens, for Azure Monitor Logs connector authentication.


#AZURE   General Availability: GitHub Advanced Security for Azure DevOps
How to enable GitHub Advanced Security for Azure DevOps code scanning, secret scanning, and dependency scanning in Azure DevOps and connect to Microsoft Defender for Cloud.

Jobs

Hiring? Feature your listings below - reach out now at [email protected]

Senior Security Engineer, Threat Detection & Response - Airbnb
The Threat Detection and Response team (TDR) at Airbnb is focused on automating security detection, responding to security incidents, and working with partner teams to build capabilities that support the incident lifecycle.


Senior Cloud Security Engineer - Snowflake
Snowflake is looking for experts in cloud security architecture and operations who can help them maintain highly defensible cloud infrastructure, and follow SecDevOps best practices to reduce toil for their team and their internal customers.


Cloud Security Engineer - ComplyAdvantage
The role requires expertise in cloud security, containerization, and Kubernetes, and involves designing and implementing security solutions.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐Ÿ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
ยฉ 2019-present CloudSecList ยท Marco Lancini