Release Date: 22/10/2023 | Issue: 210
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:

Discover all cloud accounts with Nudge Security
Nudge Security discovers all AWS, GCP and Azure assets ever created by anyone in your organization, including the unmanaged accounts your teams may have forgotten about. And, you’ll get alerted as new accounts are created so you can ensure proper security controls are applied from day one.
Get a free cloud and SaaS inventory in minutes - no agents, browser plug-ins, or network proxies required.

This week's articles

BeyondTrust Discovers Breach of Okta Support Unit   #attack, #saas
BeyondTrust has discovered a breach of Okta's support unit, which resulted in the exposure of customer data. You can also read Cloudflare's writeup, which contains recommendations for Okta's customers.

Report: Voice of the SOC 2023   #monitor, #strategy
Discover insights and recommendations from a survey of 900 security professionals, and the takeaways for leadership.

Everything you need to know about the Microsoft Graph Activity Logs   #azure, #monitor
An introduction on the new Graph APIs that can help incident responders close some visibility gaps.

What Can Go Wrong When an EC2 Instance is Exposed to SSRF   #attack, #aws
A new CNAPPgoat scenario makes experimentation easy by triggering calls to AWS services from an EC2 instance exposed to SSRF.
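The SSRF-to-IMDS chain that scenario exercises only works because the application fetches whatever URL it is handed. Below is an added example (not code from CNAPPgoat or the newsletter) of a guard for server-side fetches: it refuses the documented IMDS endpoints and private ranges, normalises the tricks used to smuggle them past naive checks (decimal IPv4, IPv4-mapped IPv6), checks every DNS answer rather than the first, and does not follow redirects. The resolver is injectable so the check can be exercised offline; `fetch_for_user` and the hostnames in the comments are hypothetical.

```python
"""SSRF guard for server-side URL fetches on an EC2 instance.

Added example, not part of CNAPPgoat or the newsletter. Assumes a web app
that fetches user-supplied URLs; the blocked ranges are the documented IMDS
addresses plus the usual loopback, link-local and RFC 1918 blocks.
"""
import ipaddress
import socket
import urllib.request
from urllib.parse import urlsplit

BLOCKED_NETWORKS = [
    ipaddress.ip_network("169.254.0.0/16"),    # link-local: IMDS 169.254.169.254, ECS creds 169.254.170.2
    ipaddress.ip_network("fd00:ec2::254/128"), # IMDS IPv6 endpoint
    ipaddress.ip_network("fe80::/10"),         # IPv6 link-local
    ipaddress.ip_network("127.0.0.0/8"),
    ipaddress.ip_network("::1/128"),
    ipaddress.ip_network("0.0.0.0/8"),
    ipaddress.ip_network("10.0.0.0/8"),
    ipaddress.ip_network("172.16.0.0/12"),
    ipaddress.ip_network("192.168.0.0/16"),
]


def _default_resolve(host):
    """Return every address (A and AAAA) the system resolver gives for host."""
    return [ai[4][0] for ai in socket.getaddrinfo(host, None)]


def _addresses_for(host, resolve):
    """Turn a URL host into the list of IP addresses a connection could reach.

    Accepts bracketed IPv6, dotted IPv4 and a bare decimal integer such as
    2852039166 (== 169.254.169.254), which libc would happily connect to.
    Anything else is treated as a hostname and every resolver answer is kept.
    """
    host = host.strip("[]")
    if host.isdigit():
        addrs = [ipaddress.ip_address(int(host))]
    else:
        try:
            addrs = [ipaddress.ip_address(host)]
        except ValueError:
            addrs = [ipaddress.ip_address(a) for a in resolve(host)]
    # ::ffff:169.254.169.254 is the IMDS address in IPv6 clothing; unwrap it.
    return [getattr(a, "ipv4_mapped", None) or a for a in addrs]


def is_safe_target(url, resolve=None):
    """True only if the URL is http(s) and no address it can reach is blocked."""
    resolve = resolve or _default_resolve
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False
    try:
        addrs = _addresses_for(parts.hostname, resolve)
    except (ValueError, OSError):  # unparsable literal or resolver failure
        return False
    if not addrs:  # unresolvable: fail closed
        return False
    return not any(addr in net for addr in addrs for net in BLOCKED_NETWORKS)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Surface 3xx responses instead of following them to an unchecked target."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def fetch_for_user(url, resolve=None, timeout=5):
    """Hardened replacement for `urllib.request.urlopen(user_url)` (hypothetical app helper)."""
    if not is_safe_target(url, resolve):
        raise ValueError(f"refusing to fetch {url!r}: internal or metadata address")
    opener = urllib.request.build_opener(_NoRedirect)
    with opener.open(url, timeout=timeout) as resp:
        return resp.read()
```

Two caveats a practitioner would add: the check happens before the connect, so DNS rebinding between the two is still possible unless the address is re-checked at connect time; and enforcing IMDSv2 on the instance (`HttpTokens=required`) is the complementary control, because a session token must first be obtained with a PUT and a TTL header, which a plain GET-based SSRF cannot issue.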

malicious-packages   #defend, #supply-chain
A repository of reports of malicious packages identified in Open Source package repositories, consumable via the Open Source Vulnerability (OSV) format.

Changing Sealed Secrets Passwords in Kubernetes   #build, #kubernetes
There are plenty of articles that focus on installing Bitnami's Sealed Secrets controller and creating your first Sealed Secret within Kubernetes. However, most articles do not cover how to change passwords defined within a Sealed Secret.

Terraform AWS Provider: Everything you need to know about Multi-Account Authentication and Configuration   #aws, #build, #terraform
Post covering multiple options available to configure the authentication between Terraform and AWS.

Adopt OpenID Connect (OIDC) in Terraform for secure multi-account CI/CD to AWS   #aws, #ci/cd, #iam
Deploy to AWS with Terraform and GitHub Actions using OpenID Connect (OIDC) and IAM AssumeRoleWithWebIdentity. Say goodbye to IAM users and long-lived credentials.
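The security of that setup rests entirely on the role's trust policy: the `aud` condition ensures the token was minted for AWS, and the `sub` condition pins it to one repository and ref. Below is an added example (not from the linked post) that builds such a trust policy and checks an existing one for the mistakes that quietly widen the trust to every GitHub repository. The account id, org and repo names are hypothetical.

```python
"""Build and lint the IAM trust policy behind GitHub Actions -> AWS OIDC.

Added example, not code from the linked post or from AWS. Names used in the
usage block are hypothetical (account 123456789012, org example-org, repo infra).
"""
import json

GITHUB_OIDC_ISSUER = "token.actions.githubusercontent.com"  # GitHub's OIDC provider host
GITHUB_OIDC_AUDIENCE = "sts.amazonaws.com"                   # audience requested by the AWS credentials action


def github_oidc_trust_policy(account_id, org, repo, ref="refs/heads/main"):
    """Trust policy for a role assumed via sts:AssumeRoleWithWebIdentity.

    aud: the token must have been minted for AWS, not another relying party.
    sub: the token must come from this repo and this ref (branch, tag or environment).
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Federated": f"arn:aws:iam::{account_id}:oidc-provider/{GITHUB_OIDC_ISSUER}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": {
                "StringEquals": {
                    f"{GITHUB_OIDC_ISSUER}:aud": GITHUB_OIDC_AUDIENCE,
                    f"{GITHUB_OIDC_ISSUER}:sub": f"repo:{org}/{repo}:ref:{ref}",
                },
            },
        }],
    }


def trust_policy_findings(policy):
    """Return a list of problems with a GitHub OIDC trust policy (empty == fine)."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow" or stmt.get("Action") != "sts:AssumeRoleWithWebIdentity":
            continue
        # Flatten Condition into key -> (operator, [values]) so aud/sub are easy to inspect.
        conds = {}
        for op, pairs in stmt.get("Condition", {}).items():
            for key, val in pairs.items():
                conds[key] = (op, val if isinstance(val, list) else [val])
        if f"{GITHUB_OIDC_ISSUER}:aud" not in conds:
            findings.append("no aud condition: tokens minted for other relying parties are accepted")
        sub = conds.get(f"{GITHUB_OIDC_ISSUER}:sub")
        if sub is None:
            findings.append("no sub condition: any GitHub repository can assume this role")
            continue
        op, values = sub
        for v in values:
            if "*" in v and op == "StringEquals":
                findings.append(f"sub {v!r}: '*' is literal under StringEquals, so this never matches")
                continue
            parts = v.split(":", 2)  # "repo", "org/name", "ref:refs/heads/main" | "environment:prod" | ...
            if len(parts) < 2 or parts[0] != "repo":
                findings.append(f"sub {v!r}: not of the form repo:org/name:...")
                continue
            repo_part = parts[1]
            claim_part = parts[2] if len(parts) > 2 else ""
            if "*" in repo_part:
                findings.append(f"sub {v!r}: wildcard in the repository part widens trust beyond one repo")
            if "*" in claim_part:
                findings.append(f"sub {v!r}: matches every ref, including pull_request runs")
    return findings


if __name__ == "__main__":
    policy = github_oidc_trust_policy("123456789012", "example-org", "infra")
    print(json.dumps(policy, indent=2))
    print(trust_policy_findings(policy))
```

Run the linter over the trust policies Terraform already manages (`aws_iam_role.assume_role_policy` rendered to JSON) before applying; a `StringLike` sub ending in `:*` is the one most often waved through in review, and it lets a pull request from a fork assume the deployment role.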


Understand Kubernetes - the visual way. Not yet another attempt to manage production clusters in the browser.

This script allows customers to iterate through all regions and all accounts in an organization, enumerate all public IPs, and flag those that may be unnecessary, for further investigation.

Marvin is a CLI tool that scans a Kubernetes cluster by evaluating CEL expressions to report potential issues, misconfigurations and vulnerabilities.

Create a secure static website with CloudFront for your registered domain.

A Post-exploitation Toolset for Interacting with the Microsoft Graph API. You can also refer to the companion blog post.


Opal – Modern Identity Security
Opal is designed to give teams the building blocks for identity-first security: view authorization paths, manage risk, and seamlessly apply intelligent policies built to grow with your organization.

Opal is used by best-in-class security teams today, such as Blend, Databricks, Exelixis, Figma, Scale AI, and more. There is no one-size-fits-all when it comes to access, but Opal provides the data foundation to scale least privilege the right way.

From the cloud providers

AWS Icon  Announcing the AWS Well-Architected Framework DevOps Guidance
The AWS DevOps Guidance introduces the AWS DevOps Sagas, a collection of modern capabilities that together form a comprehensive approach to designing, developing, securing, and efficiently operating software at cloud scale.

AWS Icon  Amazon EC2 now supports setting AMIs to a disabled state
Disabling an AMI changes its state to disabled, makes the AMI private if it was previously shared, and prevents any new EC2 instance launches from that disabled AMI.

GCP Icon  Introducing Actions and Alerts in Advanced API Security
Shift your security approach to proactively identify and act on security threats with security actions and alerts.

GCP Icon  Cloud CISO Perspectives: How boards can help cyber-crisis communications
Google Cloud CISO Phil Venables talks about the important (and often undervalued) organizational skill of crisis communications.

Azure Icon  Azure security best practices and patterns
This article links you to security best practices and patterns for different Azure resources.

Azure Icon  Operationalizing Microsoft Security Copilot to Reinvent SOC Productivity
Microsoft is bringing Security Copilot into Microsoft 365 Defender.

Business News

  • Trust & Safety Tycoon lets you simulate the most agonizing job in tech (source)
  • Wiz launches support for Google Workspace, helping organizations secure Google Cloud identities (source)
  • Orca Security Integrates with Google Workspace to Strengthen Visibility and Security (source)
  • Fingerprint, a device security company that helps developers prevent fraudulent activity on websites, announced a $33M Series C (source)
  • Zygon bags $3m in seed funding to prevent SaaS security risk (source)
  • SecureW2 raises $80M to help companies adopt passwordless approach to zero-trust security (source)
  • Amazon quietly rolls out support for passkeys, with a catch (source)

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!



© 2019-present, CloudSecList by Marco Lancini.