Release Date: 15/10/2023 | Issue: 209
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

AWS, Azure, or GCP customer?
Cloud security challenges grow exponentially when key infrastructure migrates from on-prem environments onto public clouds. In this eBook you’ll learn how high-growth orgs can adapt their security strategy to stay secure without compromising on speed:
  • How to identify top risks in your cloud environment
  • 4 playbooks from high-growth companies navigating risks in their cloud – including emerging risks like Log4Shell
  • What to look for when evaluating cloud-native security platforms (legacy vendors don’t want you to know this)
Download this free resource here

This week's articles

Following attackers' (Cloud)trail in AWS: Methodology and findings in the wild   #aws, #monitor
Datadog's methodology to proactively identify malicious activity by investigating logs in AWS Cloudtrail.

Attacking AWS Cognito with Pacu   #attack, #aws
Common problems in AWS Cognito security, as seen in client environments, which would benefit from automated scanning and exploitation.

Investigate Service Account Key Origins and Usage with Best Practices   #gcp, #monitor
Deep dive on investigating service account key origins and usage, including analyzing authentication patterns, monitoring authentication events, and examining service account impersonation and key usage.

Phishing for Primary Refresh Tokens and Windows Hello keys   #attack, #azure
Post describing new techniques to phish for Primary Refresh Tokens, and in some scenarios also deploy passwordless credentials that comply with even the strictest MFA policies.

Detection of Inbound SSO persistence techniques in GCP   #attack, #gcp
Recently threat actors who have compromised admin accounts of identity providers have then configured their own malicious IdP to act as a trusted source of identity.

Bootstrap an Air Gapped Cluster With Kubeadm   #build, #kubernetes
Post walking through the process of bootstrapping a Kubernetes cluster in an air-gapped lab environment using Fedora Linux and kubeadm.

Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack   #alibaba, #attack, #aws
Throughout September 2023, an attacker executed a targeted campaign via Pypi to draw developers using Alibaba cloud services, AWS, and Telegram to their malicious packages.

Only one label to improve your Kubernetes security posture, with the Pod Security Admission (PSA)   #explain, #kubernetes
In Kubernetes 1.25 as stable (and since 1.23 as beta), the Pod Security admission (PSA) controller replaces PodSecurityPolicy (PSP), making it easier to enforce predefined Pod Security Standards (PSS) by simply adding a label to a namespace.

OpenSSF introduces the Specification Security Insights 1.0   #announcement, #supply-chain
Security Insights provides a mechanism for maintainers to provide information about their projects' security processes in a machine-processable way.


Generate CloudFormation / Terraform / Troposphere templates from your existing AWS resources.

A toolkit to test the effectiveness of your WAF implementation.

A reference architecture for FedRAMP AWS builds.

Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.
Check end-of-life, support schedule, and release timelines for more than 200 products at one place.


Tines's Essential Guide to No-Code Automation for Security Teams serves as the ultimate resource on no-code automation for security practitioners.
It provides an overview of what no-code automation is, why it is a critical skill for those at the forefront of security operations, and how to bring the power of no-code automation to your security team. In addition, the playbook includes a variety of resources, from customer case studies and success stories to tips to prepare for the future and best practices for implementation.
View the full guide here

From the cloud providers

AWS Icon  Amazon SES: Email Authentication and Getting Value out of Your DMARC Policy
Post exploring some of the reasons why email may fail DMARC policy evaluation and propose solutions to fix any failures that you might encounter.

AWS Icon  Use SAML with Amazon Cognito to support a multi-tenant application with a single user pool
How to configure Cognito with a single user pool for multiple tenants to securely access a business-to-business application by using SAML custom attributes.

AWS Icon  PCI DSS v4.0 on AWS Compliance Guide now available
An overview of concepts and principles to help customers build PCI DSS-compliant applications and adhere to the updated version 4.0 requirements.

AWS Icon  Now available: Building a scalable vulnerability management program on AWS
A guide which covers how to build a successful and scalable vulnerability management program on AWS through preparation, enabling and configuring tools, triaging findings, and reporting.

AWS Icon  Delegating permission set management and account assignment in AWS IAM Identity Center
How you can use AWS IAM Identity Center to delegate the management of permission sets and account assignments.

GCP Icon  Easier log management for multi-tenancy through new routing features
Cloud Logging's Log Router can now send log sinks to a Google Cloud Project, to provide greater flexibility for routing logs.

GCP Icon  Shared fate: Protecting customers with generative AI indemnification
Google Cloud assumes responsibility for potential legal risks of using our generative AI, offering indemnities for training data and generated output.

GCP Icon  Safeguard your VM workloads with new GCVM Protected
The new GCVE Protected offers bundled pricing for both Google Cloud VMware Engine and Google Cloud's Backup & DR Service.

Sponsor CloudSecList

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
πŸ“¨ [email protected] πŸ“¨

Business News

  • CyberArk Launches New Capabilities for Securing Access to Cloud Workloads and Services as Part of Its Identity Security Platform (source)
  • Conveyor raises $12.5M to help companies fill out security reviews with AI (source)
  • Vera, a startup that develops a conversational assistant to enforce and automate privacy, security, and fairness policies, raised $2.7m in pre-seed funding. (source)
  • Arctic Wolf acquires cybersecurity automation platform Revelstok (source)
  • SailPoint Accelerates Innovation with its Identity Security Platform: SailPoint Atlas (source)
  • Gutsy unveils a pioneering $51m seed round to redefine security governance (source)

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! πŸ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
Β© 2019-present, CloudSecList by Marco Lancini.