Release Date: 29/10/2023 | Issue: 211
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:

Is cloud data security in your 2024 budget?
With cloud data facing increasing vulnerabilities, security leaders are turning to Data Security Posture Management (DSPM) as the solution to discovering where all their data is and how it is secured. Sentra's DSPM discovers, classifies, and secures cloud data, ensuring your sensitive information stays protected.
Read this insightful guide by Jason Chan, former VP of Infosec at Netflix, to explore vital features for safeguarding your data.

This week's articles

Slack Attack: A phisher's guide to initial access   #attack, #saas
An article demonstrating how IM apps, specifically Slack, are an increasingly attractive target for a range of phishing & social engineering attacks.

Server-side sandboxing: An introduction   #containers, #explain
The first in a three-part series on deploying and operating sandboxing techniques.

Fargate and Cribl (Stream): How We Got It Working   #aws, #build, #monitor
The article discusses deploying Cribl using AWS Fargate to manage log data more effectively, outlining an approach to setting up this infrastructure.

Detect transitive access to sensitive Google Cloud resources   #explain, #gcp, #iam
If a user can successfully authenticate as a service account, they gain access to all the IAM permissions associated with that account.

AWS Network Firewall egress filtering can be easily bypassed   #attack, #aws
If you are thinking of or are already using AWS Network Firewall to control and filter egress traffic to only allow connections to approved destination sites, you need to read this post, as it may not work as you have thought.

Exploring the Dark Side of Package Files and Storage Account Abuse   #attack, #azure
How attackers can abuse the Storage Account's connection string to gain unauthorized access to the Function Apps.

Securing attacks targeted at user or kernel level for customer X with KubeArmor & AWS Bottlerock   #aws, #defend, #kubernetes
The article outlines how KubeArmor and AWS Bottlerocket enhance security in Kubernetes deployments. KubeArmor aids in blocking unwanted binaries and applying granular controls at the container level, while AWS Bottlerocket fortifies host and worker nodes.

A short note on AWS KEY ID   #aws, #explain
How to decode the AWS account ID from an AWS Key ID.


HAR Sanitizer
Protect your session data by sanitizing your HAR files before sharing.

Gittuf provides a security layer for Git using some concepts introduced by The Update Framework (TUF).

WolfPack combines the capabilities of Terraform and Packer to streamline the deployment of red team redirectors on a large scale.

Convert Ingress resources to Gateway API resources.

Deploy web apps anywhere.

Turn your fresh cloud VM into fully functional VS Code for the web with HTTPS enabled.


(Watch Now) Understanding the New SaaS Cyber Kill Chain
How do you compromise a company without touching its network or endpoints? We've mapped 40 attack techniques across the SaaS cyber kill chain. Some you'll know, others are totally novel like evil twin integrations, SAMLjacking and shadow workflows.
Watch the ungated video to see technical demos of how to create powerful attack chains that evade network monitoring and EDR tools. This original research was presented at BlueHat 2023 by Luke Jennings of Push Security.

From the cloud providers

AWS Digital Sovereignty Pledge: Announcing a new, independent sovereign cloud in Europe
Amazon announced their plans to launch the AWS European Sovereign Cloud, a new, independent cloud for Europe, designed to help public sector organizations and customers in highly regulated industries meet their evolving sovereignty needs.

Rotate Your SSL/TLS Certificates Now - Amazon RDS and Amazon Aurora Expire in 2024
Most SSL/TLS certificates (rds-ca-2019) for your DB instances will expire in 2024 after the certificate update in 2020.

Mask and redact sensitive data published to Amazon SNS using managed and custom data identifiers
How to create custom data identifiers to detect and protect domain-specific sensitive data, such as your company's employee IDs.

What's new with Cloud Firewall Standard
Google announced the general availability of the fully qualified domain name (FQDN) feature for Cloud Firewall.

Public preview: Disable Secure Shell (SSH) support in AKS
You can now disable secure shell (SSH) in AKS.

Business News

  • Security operations platform startup Adlumin raises $70M to accelerate growth (source)
  • SentinelOne Bolsters Threat Intelligence Capabilities with Singularity Threat Intelligence (source)
  • Cado Security Launches Incident Response Preparedness with New Readiness Dashboard (source)
  • Darktrace debuts advanced cloud-native security solution with self-learning AI (source)
  • Stacklet Introduces Jun0 to Transform Cloud Governance and Management (source)
  • Teleport advances cloud security with identity-centric access management tool (source)

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

© 2019-present, CloudSecList by Marco Lancini.