Release Date: 05/11/2023 | Issue: 212
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.


AWS Security Checklist
Rampant cloud usage requires an advanced security playbook.
Wiz put together these AWS security best practices from leading cloud security orgs. Benchmark your strategy and improve your security posture across your AWS footprint with:
  • Techniques to enforce least privilege across all identities
  • How to limit uncontrolled exposure of sensitive assets
  • Playbooks to extend protection of Kubernetes clusters (EKS)
  • Plus critical recommendations by resource type (IAM, S3, CloudTrail)
All of these advanced best practices for AWS are compiled in this checklist.

This week's articles

Announcing the EKS Cluster Games   #attack, #aws, #explain, #kubernetes
Wiz released "The EKS Cluster Games", a cloud security Capture The Flag (CTF) event. The mission? To identify and learn about common Amazon EKS security issues.

CloudKeys in the Air: Tracking Malicious Operations of Exposed IAM Keys   #attack, #aws
Palo Alto analyzes an attack path that starts with IAM keys exposed on GitHub and leads to the creation of Amazon EC2 instances, which the threat actors used for cryptojacking.

The deputy is confused about AWS Security Hub   #aws, #build, #explain
The article highlights a potential issue with AWS Security Hub where incorrect AWS account IDs could lead to cross-tenant data pollution, potentially allowing an attacker to pollute someone else's Security Hub.

Oh-Auth - Abusing OAuth to take over millions of accounts   #attack, #saas
This post reveals a new attack method against social sign-in mechanisms and OAuth implementations.

ApatchMe - Authenticated Stored XSS Vulnerability in AWS and GCP Apache Airflow Services   #attack, #aws, #gcp
Unpatched Apache Airflow instances used in AWS and GCP allow an exploitable stored XSS through the task instance details page.

File Access Monitoring with Osquery: Weaponize your entire macOS fleet into a filesystem-based honeypot   #defend, #monitor
The article describes a collaboration to add macOS file access monitoring to osquery. Monitoring file access events helps detect and respond to attackers attempting to read or copy sensitive files on macOS endpoints.

The Kubernetes CVE-2023-3676 Windows command injection vulnerability - exploitation and prevalence   #attack, #kubernetes
A look into a recent Kubernetes vulnerability that affects Windows nodes, and how to detect and remediate it.

Migrating to Google Workspace: Solving Email Routing Challenges   #build, #gcp, #gsuite
My firsthand experience with migrating from Cloudflare Email Routing to Google Workspace.


Production-ready detection & response queries for OSQuery.

Localtoast is a scanner for running security-related configuration checks such as CIS benchmarks in an easily configurable manner.

GOAD is a pentest active directory LAB project. The purpose of this lab is to give pentesters a vulnerable Active directory environment ready to use to practice usual attack techniques.

Tetragon 1.0
Tetragon 1.0 got released. You can read the companion blog post for details.

Weaponized Browser-in-the-Middle (BitM) for Penetration Testers.


O'Reilly: Identity-Based Infrastructure Access Management
Identity-Native Infrastructure Access is the concept of linking access to an identity. Instead of sharing passwords or other secrets, access is granted based on an individual's identity. Deployed by the world's largest tech companies, it's the only way to securely scale access. So, how can you secure access to diverse infrastructure components, from bare metal to ephemeral containers, consistently and simply?
In this practical book, authors Ev Kontsevoy, Sakshyam Shah, and Peter Conrad break this topic into manageable pieces.

From the cloud providers

AWS: Evolving cyber threats demand new security approaches - The benefits of a unified and global IT/OT SOC
Some of the benefits and considerations organizations should think through when looking at a unified and global information technology and operational technology (IT/OT) security operations center (SOC).

AWS: Security considerations for running containers on Amazon ECS
Post covering six tips to enhance the security of your containers on ECS: managing access with IAM policies and roles, securing the network, managing secrets, runtime security, logging and monitoring, and security compliance.

AWS: Refine permissions for externally accessible roles using IAM Access Analyzer and IAM action last accessed
How to use IAM Access Analyzer and action last accessed to refine the required permissions for IAM roles whose trust policy allows entities outside your account to assume the role and access your resources.

AWS: Transforming transactions: Streamlining PCI compliance using AWS serverless architecture
Post examining the benefits of using AWS serverless services and highlighting how you can use them to help align with your PCI DSS compliance responsibilities.

AWS: Approaches for migrating users to Amazon Cognito user pools
Two recommended approaches for migrating users into an Amazon Cognito user pool: bulk and just-in-time.

AWS: Forward access sessions
Learn about passing your identity, permissions, and session attributes when an AWS service makes a request on your behalf.

GCP: Building core strength: New technical papers on infrastructure security
Google announced a new series of technical whitepapers on infrastructure security. The series begins with two papers: Protecting the physical-to-logical space in a data center and Enforcing boot integrity on production machines.

GCP: New educational lab for Security Command Center can help address security talent gap
To help address the chronic shortage of security talent, Google Cloud has introduced a new virtual, lab-based training for Security Command Center that can be completed in just six hours.

GCP: Introducing ransomware and threat detection for Backup and DR in Security Command Center
Powerful new rules in Security Command Center Premium can help customers quickly identify and remediate threats to backup and recovery infrastructure. Here's how.

GCP: Gain access visibility and control with Access Transparency and Access Approval
Access Transparency and Access Approval provide customers with direct oversight of Google Cloud access to their resources when customer assistance or disaster recovery operations are underway.

Sponsor CloudSecList

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
📨 [email protected] 📨

Business News

  • Cloud Security: factors that make it a unique market (source)
  • Confirmed: Palo Alto Networks buys Dig Security, sources say for $400M (source)
  • No Way Out: The Changing World of Cybersecurity Exits (source)
  • Microsoft launches internal initiative to make its products more secure (source)
  • Cloudflare Announces Third Quarter 2023 Financial Results (source)
  • Chainguard secures $61m for open source software security boost (source)
  • Atlassian urges customers to take 'immediate action' to protect against data-loss security bug (source)
  • Cyber consolidation: SailPoint closes Osirium acquisition as Proofpoint to buy Tessian (source)
  • P0 Security Raises $5M in Seed Funding (source)
  • Orca Security Announces Generative AI Integration With Amazon Bedrock (source)

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!



© 2019-present, CloudSecList by Marco Lancini.