Release Date: 01/10/2023 | Issue: 207
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up
Introducing the "Business News" Section!
This week, I am experimenting with a new section in the newsletter: Business News!
As always, feedback is appreciated

Discover all cloud accounts with Nudge Security
Nudge Security discovers all AWS, GCP and Azure assets ever created by anyone in your organization, including the unmanaged accounts your teams may have forgotten about. And, you’ll get alerted as new accounts are created so you can ensure proper security controls are applied from day one.
Get a free cloud and SaaS inventory in minutes - no agents, browser plug-ins, network changes, or browser plug-ins required.
Start free trial

This week's articles

Security is about data: how different approaches are fighting for security data and what the cybersecurity data stack of the future is shaping up to look like   #strategy
Looking at different players promising to solve the security data problem, what each of them brings to the table, and the trends defining what the cybersecurity data stack of the future is going to be.

Pitfalls of relying on eBPF for security monitoring (and some solutions)   #monitor
EBPF (extended Berkeley Packet Filter) has emerged as the de facto Linux standard for security monitoring and endpoint observability. But eBPF was never intended for security monitoring. It is first and foremost a networking and debugging tool.

GitHub Actions could be so much better   #build, #ci/cd
GitHub Actions is a regular source of profound frustration for the author of this post in their development processes. This post lists some of those frustrations, and how they think GitHub could improve on them (or even fix them outright).

A Simple, Yet Effective Cost Optimization Framework   #strategy
Turn stuff off. Store less data. Move less data. Cloud-ify your workloads. Pre-pay for resources. Repeat.

The GitHub Actions Worm: Compromising GitHub Repositories Through the Actions Dependency Tree   #attack, #ci/cd
How a novel attack vector in GitHub Actions allows attackers to distribute malware across repositories using a technique that exploits the actions dependency tree.

Surprise: When Dependabot Contributes Malicious Code   #attack, #ci/cd
In July 2023, malicious commits were detected on GitHub, disguised as contributions by Dependabot. Threat actors fabricated these to steal users' GitHub personal access tokens and insert malicious code, which exfiltrated project secrets to a server and modified JavaScript files with password-stealer malware, affecting end-users.

Remote analysis on cloud object-storage   #attack, #aws
The journey of making the volatility3 framework compatible with S3 object-storage to perform memory analysis over the network.

MITRE Security Automation Framework   #strategy, #supply-chain
MITRE SAF supports security processes at all stages of the software lifecycle, from planning secure system design to analyzing operational security data.


Substation is a cloud-native, event-driven data pipeline toolkit designed for security and observability teams.

Wazuh is a free and open source platform used for threat prevention, detection, and response.

SnowAlert is a security analytics framework that uses the Snowflake Cloud Data Platform to detect security incidents and policy violations.

Building Custom Scenarios with CNAPPgoat
You can now construct and import your own vulnerability scenarios into CNAPPgoat.

Terraform module to create Route53 resource on AWS for create api gateway with its basic elements.


Opal – Modern Identity Security
Opal is designed to give teams the building blocks for identity-first security: view authorization paths, manage risk, and seamlessly apply intelligent policies built to grow with your organization.

Opal is used by best-in-class security teams today, such as Blend, Databricks, Exelixis, Figma, Scale AI, and more. There is no one-size-fits-all when it comes to access, but Opal provides the data foundation to scale least privilege the right way.

From the cloud providers

AWS Icon  Automate Lambda code signing with Amazon CodeCatalyst and AWS Signer
How to use Amazon CodeCatalyst with AWS Signer to fully manage the code signing process to ensure the trust and integrity of code assets.

AWS Icon  Deploy AWS WAF faster with Security Automations
You can now deploy AWS WAF managed rules as part of the Security Automations for AWS WAF solution.

AWS Icon  Enable external pipeline deployments to AWS Cloud by using IAM Roles Anywhere
Post walking through the steps on how to obtain AWS temporary credentials for your external CI/CD pipelines by using IAM Roles Anywhere and an on-premises hosted server running Azure DevOps Services.

AWS Icon  Amazon SNS message data protection can now de-identify outbound messages via redaction or masking
SNS can now detect and automatically mask PII data or even block the transmission of data.

GCP Icon  New custom security posture controls and threat detections in Security Command Center
Security Command Center now allows organizations to design their own customized security controls and threat detectors for their Google Cloud environment.

Sponsor CloudSecList

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
📨 [email protected] 📨

Business News

  • Palo Alto Networks in advanced talks to buy Talon and Dig in a $1B security sweep (source)
  • Vali Cyber Secures $15M in Seed Funding to Revolutionize Linux Cybersecurity (source)
  • Cybersecurity firm Lumu raises $30M to detect network intrusions (source)
  • Cyber risk monitoring and scoring Cypherleak secures $750,000 in seed funding (source)
  • Gem Security, a Cloud Detection and Response (CDR) company, Raises $23M in Series A Funding (source)
  • Blackpoint Cyber Expands Cloud Security Offering with Cloud Response for Google Workspace (source)
  • Cisco to Acquire Splunk (source)
  • CrowdStrike to Acquire Bionic's Code-to-Runtime Cybersecurity Platform (source)

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.