Release Date: 08/10/2023 | Issue: 208
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

JupiterOne: Know What You’re Defending
Perhaps the biggest problem in cybersecurity today is that companies don’t have a good understanding of what they’re defending. JupiterOne solves this foundational issue by collecting everything you own into a single system of record that includes cloud infrastructure, endpoints, DNS, SaaS apps, and more.
It connects the dots using graph-based technologies, allowing you to ask complex Attack Surface Questions, like “Show me all VMware-based systems associated with our crown jewels and that have something facing the internet.”
Learn more

This week's articles

Overhauling AWS account access with Terraform, Granted, and GitOps   #aws, #build, #iam
Duckbill breaks down their method of accessing thousands of client AWS accounts in a way that preserves ease-of-access, maintains data confidentiality, and still providing all the permissions needed.

Security Hub gives me imposter syndrome   #aws, #explain
Chris Farris' take on AWS Security Hub, what's wrong, what's good, and why it's a dangerous service for smaller companies.

Meeting the FedRAMP FIPS 140-2 requirement on AWS   #aws, #build
Some ideas for implementing encryption that uses FIPS modules on AWS.

Threat Modeling the Supply Chain for Software Consumers   #strategy, #supply-chain
From a software consumer perspective, how do we know where to start to address the real supply chain threats? Which risks are more critical than others? What framework or standard should be adopted quickly?

5 things you may not know about AWS IAM   #aws, #iam
SCPs are not inherited like you would expect them to be, resource policies can give permissions by themselves, NotPrincipal evaluation may not do what you expect, a permission can be granted by a combination of statements, KMS grants are like detached resource policy statements.

Introduction to AWS Attribute-Based Access Control   #aws, #explain, #iam
The article provides an introduction to Attribute-Based Access Control (ABAC) in AWS. It explains how ABAC differs from traditional Role-Based Access Control (RBAC) and how to use tags to implement ABAC.

PCI v4 is coming. Are you ready?   #strategy
With Version 4.0, businesses gain the flexibility to define and deploy personalized security measures aligned with their specific cardholder data environment (CDE) setup.

How to traceroute Kubernetes pod-to-pod traffic   #explain, #kubernetes
Post delving into Kubernetes networking within the context of VirtualBox, providing command-line examples and illustrations that shed light on pod-to-pod communication.

ZAP is Joining the Software Security Project   #announcement
ZAP (Zed Attack Proxy) has decided to leave OWASP and join the Linux Foundation.

Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement   #attack, #azure
Microsoft's analysis of an attempt to steal the cloud identity in a SQL Server instance for lateral movement highlights the importance of securing cloud identities and implementing least privilege practices when deploying cloud-based and on-premises solutions.

CVE-2023-22515 - Privilege Escalation Vulnerability in Confluence Data Center and Server   #attack, #saas
Atlassian has been made aware of an issue reported by a handful of customers where external attackers may have exploited a previously unknown vulnerability in publicly accessible Confluence Data Center and Server instances to create unauthorized Confluence administrator accounts and access Confluence instances.

Terraform 1.6 adds a test framework for enhanced code validation   #announcement, #terraform
Terraform 1.6 is now generally available, highlighted by a powerful new testing framework to help authors systematically validate the functionality of their code.


A Kubernetes attack graph tool allowing automated calculation of attack paths between assets in a cluster. You can also refer to the companion blog post.

A Google Drive Interface for your Cloudflare R2 Buckets.

Cloudgrep is grep for cloud storage.

A Public Git repository and misconfiguration detection tool.

Nord Stream is a tool that allows you to extract secrets stored inside CI/CD environments by deploying malicious pipelines. It currently supports Azure DevOps, GitHub and GitLab.


BeyondCorp, Zero Trust Architecture Strategy, and Teleport
BeyondCorp comes from a realization that VPN perimeter network security is obsolete. As soon as an attacker breaches the perimeter, they have unrestricted access to the resources. With the release of a memorandum discussing federal Zero Trust Architecture (ZTA) strategies[3], zero trust has entered the mainstream at the government level. Although the memo focuses on government agencies, it has a clear structure and strong foundations for any modern company...
Keep reading the Teleport blog.

From the cloud providers

AWS Icon  Announcing updates to the AWS Well-Architected Framework guidance
In this release, Amazon made the implementation guidance for the new and updated best practices more prescriptive, including enhanced recommendations and steps on reusable architecture patterns targeting specific business outcomes in AWS.

AWS Icon  Get the full benefits of IMDSv2 and disable IMDSv1 across your AWS infrastructure
How to identify IMDSv1-enabled EC2 instances and how to determine if and when your software is making IMDSv1 calls.

AWS Icon  Secure by Design: AWS to enhance MFA requirements in 2024
Beginning in mid-2024, customers signing in to the AWS Management Console with the root user of an AWS Organizations management account will be required to enable MFA to proceed.

AWS Icon  Validate IAM policies with Access Analyzer using AWS Config rules
How to set up and continuously validate and report on compliance of the IAM policies in your environment using AWS Config.

AWS Icon  Use AWS Secrets Manager to store and manage secrets in on-premises or multicloud workloads
Recommended practices to securely fetch secrets from Secrets Manager from your on-premises or hybrid workload.

GCP Icon  Introducing Advanced Vulnerability Insights for GKE
Artifact Analysis in partnership with Google Kubernetes Engine has introduced a new vulnerability scanning offering called Advanced Vulnerability Insights.

GCP Icon  New custom security posture controls and threat detections in Security Command Center
Security Command Center now allows organizations to design their own customized security controls and threat detectors for their Google Cloud environment.

GCP Icon  Introducing Google Cloud Firewall Plus with intrusion prevention
The updated Cloud Firewall Plus provides protection against malware, spyware, and command-and-control attacks on a customer's network.

GCP Icon  Deliver and secure your internet-facing application in less than an hour using Dev(Sec)Ops Toolkit
The Dev(Sec)Ops toolkit helps customers accelerate the delivery of internet-facing applications with Cloud Load Balancing, Cloud Armor, and Cloud CDN.

GCP Icon  Policy Intelligence update
After January 15, 2024, some Policy Intelligence features will only be available for customers with organization-level activations of Security Command Center.

Azure Icon  New expanded visibility into multicloud data security in Microsoft Defender for Cloud
A new data security dashboard in Defender for Cloud, boosting security team effectiveness to reduce the risk of data breaches and detect threats to data in the cloud.

Business News

  • Network security company IronNet ceases operations two years after going public (source)
  • Visa taps US security operations provider Expel for MDR capabilities (source)
  • Ivanti Research Shows that One in Three Employees Believe Their Actions Don't Impact Their Organization's Security (source)
  • Pulumi Raises $41M in Series C Funding (source)
  • Evo Security Receives $1M Investment From Strategic Cyber Ventures (source)
  • Okta announces passwordless passkey support alongside AI for identity and security (source)
  • Yubico can now ship pre-registered security keys to its enterprise users (source)
  • Stack Identity Announces Industry's Only Shadow Access Risk Assessment to Prioritize Cloud and Data Security Risk (source)
  • Sysdig and Docker Announce Partnership to Accelerate and Secure Cloud-Native Application Delivery (source)
  • Cloud incident response company Mitiga adds Cisco as an investor (source)

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.