Release Date: 05/11/2023 | Issue: 212
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

AWS Security Checklist
Rampant cloud usage requires an advanced security playbook.
Wiz put together these AWS security best practices from leading cloud security orgs. Benchmark your strategy and improve your security posture across your AWS footprint with:
  • Techniques to enforce least privilege across all identities
  • How to limit uncontrolled exposure of sensitive assets
  • Playbooks to extend protection of Kubernetes clusters (EKS)
  • Plus critical recommendations by resource type (IAM, S3, Cloudtrail)
All of these advanced best practices for AWS are compiled in this checklist.

This week's articles


Announcing the EKS Cluster Games
Wiz released "The EKS Cluster Games", a cloud security Capture The Flag (CTF) event. The mission? To identify and learn about common Amazon EKS security issues.   #attack   #aws   #explain   #kubernetes


CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys
Palo Alto analyzes an attack path that starts with IAM keys exposed on GitHub and ends with the creation of AWS EC2 instances, which the threat actors used for cryptojacking.   #attack   #aws


The deputy is confused about AWS Security Hub
The article highlights a confused-deputy issue in AWS Security Hub: supplying an incorrect AWS account ID could cause cross-tenant data pollution, letting an attacker inject findings into someone else's Security Hub.   #aws   #build   #explain


Oh-Auth - Abusing OAuth to take over millions of accounts
This post reveals yet another attack method against social sign-in mechanisms and OAuth implementations.   #attack   #saas


ApatchMe - Authenticated Stored XSS Vulnerability in AWS and GCP Apache Airflow Services
Unpatched Apache Airflow instances used in AWS and GCP allow an exploitable stored XSS through the task instance details page.   #attack   #aws   #gcp


File Access Monitoring with Osquery: Weaponize your entire macOS fleet into a filesystem-based honeypot
The article describes a collaboration to add macOS file access monitoring to osquery. Monitoring file access events aids detection and response, and is particularly useful against attackers attempting to access or copy sensitive file contents on macOS endpoints.   #defend   #monitor


The Kubernetes CVE-2023-3676 Windows command injection vulnerability - exploitation and prevalence
A look into a recent Kubernetes vulnerability that affects Windows nodes, and how to detect and remediate it.   #attack   #kubernetes


Migrating to Google Workspace: Solving Email Routing Challenges
My firsthand experience with migrating from Cloudflare Email Routing to Google Workspace.   #build   #gcp   #gsuite

Sponsor

O'Reilly: Identity-Based Infrastructure Access Management
Identity-Native Infrastructure Access is the concept of linking access to an identity. Instead of sharing passwords or other secrets, access is granted based on an individual's identity. Deployed by the world's largest tech companies, it's the only way to securely scale access. So, how can you secure access to diverse infrastructure components, from bare metal to ephemeral containers, consistently and simply?
In this practical book, authors Ev Kontsevoy, Sakshyam Shah, and Peter Conrad break this topic into manageable pieces.

Tools


osquery-defense-kit
Production-ready detection & response queries for OSQuery.


localtoast
Localtoast is a scanner for running security-related configuration checks such as CIS benchmarks in an easily configurable manner.


GOAD
GOAD is a pentest Active Directory lab project. The purpose of this lab is to give pentesters a vulnerable Active Directory environment, ready to use, to practice common attack techniques.


Tetragon 1.0
Tetragon 1.0 got released. You can read the companion blog post for details.


cuddlephish
Weaponized Browser-in-the-Middle (BitM) for Penetration Testers.

From the cloud providers


#AWS   Evolving cyber threats demand new security approaches - The benefits of a unified and global IT/OT SOC
Some of the benefits and considerations organizations should think through when looking at a unified and global information technology and operational technology (IT/OT) security operations center (SOC).


#AWS   Security considerations for running containers on Amazon ECS
Post covering six tips to enhance the security of your containers on ECS: access management with IAM policies and roles, network security, secrets management, runtime security, logging and monitoring, and security compliance.


#AWS   Refine permissions for externally accessible roles using IAM Access Analyzer and IAM action last accessed
How to use IAM Access Analyzer and action last accessed to refine the required permissions for IAM roles whose trust policy allows entities outside of your account to assume them and access your resources.


#AWS   Transforming transactions: Streamlining PCI compliance using AWS serverless architecture
Post examining the benefits of using AWS serverless services and highlighting how you can use them to help align with your PCI DSS compliance responsibilities.


#AWS   Approaches for migrating users to Amazon Cognito user pools
Two recommended approaches for migrating users into an Amazon Cognito user pool: bulk and just-in-time.


#AWS   Forward access sessions
Learn about passing your identity, permissions, and session attributes when an AWS service makes a request on your behalf.


#GCP   Building core strength: New technical papers on infrastructure security
Google announced a new series of technical whitepapers on infrastructure security. The series begins with two papers: Protecting the physical-to-logical space in a data center and Enforcing boot integrity on production machines.


#GCP   New educational lab for Security Command Center can help address security talent gap
To help address the chronic shortage of security talent, Google Cloud has introduced a new virtual, lab-based training for Security Command Center that can be completed in just six hours.


#GCP   Introducing ransomware and threat detection for Backup and DR in Security Command Center
Powerful new rules in Security Command Center Premium can help customers quickly identify and remediate threats to backup and recovery infrastructure. Here's how.


#GCP   Gain access visibility and control with Access Transparency and Access Approval
Access Transparency and Access Approval provide customers with direct oversight of Google Cloud access to their resources when customer assistance or disaster recovery operations are underway.

Sponsor CloudSecList

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
📨 [email protected] 📨

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini