Release Date: 05/11/2023 | Issue: 212
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor
AWS Security Checklist Rampant cloud usage requires an advanced security playbook. Wiz put together these AWS security best practices from leading cloud security orgs. Benchmark your strategy and improve your security posture across your AWS footprint with:
Techniques to enforce least privilege across all identities
How to limit uncontrolled exposure of sensitive assets
Playbooks to extend protection of Kubernetes clusters (EKS)
Plus critical recommendations by resource type (IAM, S3, CloudTrail)
Wiz released "The EKS Cluster Games", a cloud security Capture The Flag (CTF) event. The mission? To identify and learn about common Amazon EKS security issues.
#attack #aws #explain #kubernetes
Palo Alto analyzes an attack path starting with GitHub IAM credential exposure and leading to the creation of AWS Elastic Compute Cloud instances, which the threat actors used to perform cryptojacking.
#attack #aws
The article highlights a potential issue with AWS Security Hub where incorrect AWS account IDs could lead to cross-tenant data pollution, potentially allowing an attacker to pollute someone else's Security Hub.
#aws #build #explain
The article describes a collaboration to enhance osquery with macOS file access monitoring, aiding in detecting and responding to threats by monitoring file access events, which is particularly useful against attackers attempting to access or copy sensitive file contents on macOS endpoints.
#defend #monitor
My firsthand experience with migrating from Cloudflare Email Routing to Google Workspace.
#build #gcp #gsuite
Sponsor
O'Reilly: Identity-Based Infrastructure Access Management Identity-Native Infrastructure Access is the concept of linking access to an identity. Instead of sharing passwords or other secrets, access is granted on an individual's identity. Deployed by the world's largest tech companies, it's the only way to securely scale access. So, how can you secure access to diverse infrastructure components, from bare metal to ephemeral containers, consistently and simply? In this practical book, authors Ev Kontsevoy, Sakshyam Shah, and Peter Conrad break this topic into manageable pieces.
GOAD is a pentest Active Directory lab project. The purpose of this lab is to give pentesters a vulnerable Active Directory environment, ready to use, to practice the usual attack techniques.
Some of the benefits and considerations organizations should think through when looking at a unified and global information technology and operational technology (IT/OT) security operations center (SOC).
Post covering six tips to enhance the security of your containers on ECS: manage access with IAM policies and roles, secure the network, secrets management, runtime, logging and monitoring, and security compliance.
How to use IAM Access Analyzer and action last accessed to refine the required permissions for your IAM roles that have a trust policy, which allows entities outside of your account to assume a role and access your resources.
Post examining the benefits of using AWS serverless services and highlighting how you can use them to help align with your PCI DSS compliance responsibilities.
To help address the chronic shortage of security talent, Google Cloud has introduced a new virtual, lab-based training for Security Command Center that can be completed in just six hours.
Powerful new rules in Security Command Center Premium can help customers quickly identify and remediate threats to backup and recovery infrastructure. Here's how.
Access Transparency and Access Approval provide customers with direct oversight of Google Cloud access to their resources when customer assistance or disaster recovery operations are underway.
Sponsor CloudSecList
If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune 500 and FAANG, you can reach out at [email protected]