Release Date: 15/10/2023 | Issue: 209
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

AWS, Azure, or GCP customer?
Cloud security challenges grow exponentially when key infrastructure migrates from on-prem environments onto public clouds. In this eBook you’ll learn how high-growth orgs can adapt their security strategy to stay secure without compromising on speed:
  • How to identify top risks in your cloud environment
  • 4 playbooks from high-growth companies navigating risks in their cloud – including emerging risks like Log4Shell
  • What to look for when evaluating cloud-native security platforms (legacy vendors don’t want you to know this)
Download this free resource here

This week's articles


Following attackers' (Cloud)trail in AWS: Methodology and findings in the wild
Datadog's methodology to proactively identify malicious activity by investigating logs in AWS CloudTrail.   #aws   #monitor


Attacking AWS Cognito with Pacu
Common problems in AWS Cognito security, as seen in client environments, which would benefit from automated scanning and exploitation.   #attack   #aws


Investigate Service Account Key Origins and Usage with Best Practices
Deep dive on investigating service account key origins and usage, including analyzing authentication patterns, monitoring authentication events, and examining service account impersonation and key usage.   #gcp   #monitor


Phishing for Primary Refresh Tokens and Windows Hello keys
Post describing new techniques to phish for Primary Refresh Tokens, and in some scenarios also deploy passwordless credentials that comply with even the strictest MFA policies.   #attack   #azure


Detection of Inbound SSO persistence techniques in GCP
Recently, threat actors who have compromised admin accounts of identity providers have then configured their own malicious IdP to act as a trusted source of identity.   #attack   #gcp


Bootstrap an Air Gapped Cluster With Kubeadm
Post walking through the process of bootstrapping a Kubernetes cluster in an air-gapped lab environment using Fedora Linux and kubeadm.   #build   #kubernetes


Users of Telegram, AWS, and Alibaba Cloud targeted in latest supply chain attack
Throughout September 2023, an attacker executed a targeted campaign via PyPI to draw developers using Alibaba Cloud services, AWS, and Telegram to their malicious packages.   #alibaba   #attack   #aws


Only one label to improve your Kubernetes security posture, with the Pod Security Admission (PSA)
Stable in Kubernetes 1.25 (and beta since 1.23), the Pod Security Admission (PSA) controller replaces PodSecurityPolicy (PSP), making it easier to enforce predefined Pod Security Standards (PSS) by simply adding a label to a namespace.   #explain   #kubernetes


OpenSSF introduces the Specification Security Insights 1.0
Security Insights provides a mechanism for maintainers to provide information about their projects' security processes in a machine-processable way.   #announcement   #supply-chain

Sponsor

Tines's Essential Guide to No-Code Automation for Security Teams serves as the ultimate resource on no-code automation for security practitioners.
It provides an overview of what no-code automation is, why it is a critical skill for those at the forefront of security operations, and how to bring the power of no-code automation to your security team. In addition, the playbook includes a variety of resources, from customer case studies and success stories to tips to prepare for the future and best practices for implementation.
View the full guide here

Tools


former2
Generate CloudFormation / Terraform / Troposphere templates from your existing AWS resources.


waf-btk
A toolkit to test the effectiveness of your WAF implementation.


AWS-RAMPpak
A reference architecture for FedRAMP AWS builds.


CloudFlair
Find origin servers of websites behind CloudFlare by using Internet-wide scan data from Censys.


endoflife.date
Check end-of-life, support schedule, and release timelines for more than 200 products in one place.

From the cloud providers


#AWS   Amazon SES: Email Authentication and Getting Value out of Your DMARC Policy
Post exploring some of the reasons why email may fail DMARC policy evaluation and proposing solutions to fix any failures that you might encounter.


#AWS   Use SAML with Amazon Cognito to support a multi-tenant application with a single user pool
How to configure Cognito with a single user pool for multiple tenants to securely access a business-to-business application by using SAML custom attributes.


#AWS   PCI DSS v4.0 on AWS Compliance Guide now available
An overview of concepts and principles to help customers build PCI DSS-compliant applications and adhere to the updated version 4.0 requirements.


#AWS   Now available: Building a scalable vulnerability management program on AWS
A guide which covers how to build a successful and scalable vulnerability management program on AWS through preparation, enabling and configuring tools, triaging findings, and reporting.


#AWS   Delegating permission set management and account assignment in AWS IAM Identity Center
How you can use AWS IAM Identity Center to delegate the management of permission sets and account assignments.


#GCP   Easier log management for multi-tenancy through new routing features
Cloud Logging's Log Router can now send log sinks to a Google Cloud Project, to provide greater flexibility for routing logs.


#GCP   Shared fate: Protecting customers with generative AI indemnification
Google Cloud assumes responsibility for potential legal risks of using its generative AI, offering indemnities for training data and generated output.


#GCP   Safeguard your VM workloads with new GCVE Protected
The new GCVE Protected offers bundled pricing for both Google Cloud VMware Engine and Google Cloud's Backup & DR Service.

Sponsor CloudSecList

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
📨 [email protected] 📨

Business News

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini