Release Date: 12/11/2023 | Issue: 213
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you.

Detect transitive access to sensitive Google Cloud resources
Transitive access via service accounts is a common security vulnerability in Google Cloud configurations. This in-depth guide explains transitive access, the permissions that allow it, and how to detect it using the Google Policy Analyzer or alternative methods.
It also provides best practices for securing service account keys and recommends a powerful tool for assessing IAM configurations to secure your Google Cloud resources.

This week's articles

Scaling Detection and Response Operations at Coinbase   #monitor
A three-part blog series covering some of the strategies and systems that the CSIRT has implemented at Coinbase to investigate and respond to threats more effectively.

Terraform Security Best Practices   #build, #defend, #terraform
Post providing guidance for using Terraform in a secure way by reference to some security best practices around auditing Terraform configurations, managing access credentials, and creating DIY Terraform modules.

Key Takeaways from the 2023 Kubernetes Security Report   #attack, #defend, #kubernetes
Get the key highlights from the 2023 Kubernetes Security Report, which analyzed 200,000+ cloud accounts to break down the state of Kubernetes security.

The Triforce of Initial Access   #attack, #azure, #saas
The article emphasizes that the success of Red Teaming often hinges on the quality of information (loot) gathered and the effectiveness of the tools used, such as Evilginx, ROADtools, and TeamFiltration, complemented by the Bobber script.

A Comprehensive Guide to Testing in Terraform: Keep your tests, validations, checks, and policies in order   #build, #terraform
You have many options when it comes to testing and validating your Terraform configurations and modules. The newest addition is the native Terraform testing framework, which, in combination with custom conditions, check blocks, and policies, allows for creating robust infrastructure-as-code. This post is a comprehensive guide to testing and validation in Terraform.

Secure Application Communications with Mutual TLS and Istio   #explain, #istio, #kubernetes
Post discussing the requirements of secure communication among applications, how mTLS enables and meets all those requirements, along with simple steps to get you started with enabling mTLS among your applications using Istio.

Weather Forecast: Money Is Going to Rain from the Cloud   #attack, #azure
SafeBreach researchers discovered and exploited a billing flaw in Azure Automation Service, enabling free, hidden, and unstoppable cryptocurrency mining using Python scripts and Runbooks.

Spoofing Microsoft Entra ID Verified Publisher Status   #attack, #azure
It was possible to manipulate the consenting process of a legitimate verified publisher application to implant malicious unverified applications within a Microsoft Entra ID tenant.


Kubernetes audit logging, when you don't control the control plane.

Repository that contains a set of purposefully erroneous Yara rules. It is meant as a training vehicle for new security analysts, those that are new to Yara and even Yara veterans that want to keep their rule writing (and debugging) sharp.

A Terraform module that makes it a snap to opt out of all AWS AI/ML data harvesting.

Session Hijacking Visual Exploitation is a tool that allows for the hijacking of user sessions by injecting malicious JavaScript code.

Automatically provision database users from SSO.

Multi Tool Kubernetes Pentest Image.


Activate GCP
Step-by-step instructions (with screenshots) for activating GCP in a Google Workspace account.


Give Your GRC Some TLC
Simplify your security and manage compliance 80% faster with automated evidence collection and control monitoring.
See why 3,200+ customers choose Drata to automate compliance for SOC 2, ISO 27001, GDPR, and 14 other frameworks with none of the manual work. That’s right—no screenshots or spreadsheets. Plus, you get a real-time view of your compliance status so you’re never caught off guard before an audit.
Want to see the automation in action? Request a demo to get 10% off and waived implementation fees.

From the cloud providers

AWS: Amazon EC2 Instance Metadata Service IMDSv2 by default
Effective mid-2024, newly released Amazon EC2 instance types will use only version 2 of the EC2 Instance Metadata Service (IMDSv2).

AWS: Build an entitlement service for business applications using Amazon Verified Permissions
A comprehensive and centralized approach to managing access policies, reducing administrative overhead, and empowering line-of-business users to define, administer, and enforce application entitlement policies.

AWS: How to create an AMI hardening pipeline and automate updates to your ECS instance fleet
How to create a workflow to enhance Amazon ECS-optimized AMIs by using the CIS Docker Benchmark and automatically updating your EC2 instances in your ECS cluster with the newly created AMIs.

AWS: How to improve your security incident response processes with Jupyter notebooks
How to automate the tasks of gathering data, presenting the data, and providing procedures and next steps for the findings.

GCP: Introducing ransomware and threat detection for Backup and DR in Security Command Center
Powerful new rules in Security Command Center Premium can help customers quickly identify and remediate threats to backup and recovery infrastructure.

GCP: Introducing Advanced Vulnerability Insights for GKE
Artifact Analysis in partnership with Google Kubernetes Engine has introduced a new vulnerability scanning offering called Advanced Vulnerability Insights.

GCP: Google's AI Security Framework
Google introduced the Secure AI Framework (SAIF), a conceptual framework to secure AI systems.

GCP: Get real-time notifications on IAM privilege grants in Google Cloud
Using Cloud Asset Inventory, Pub/Sub and Cloud Functions to generate real-time notifications for IAM policy changes.

Business News

  • Tidal Cyber secures $5m seed investment (source)
  • Collaborative defense: Snyk and SentinelOne integrate platforms to bolster cybersecurity (source)
  • Palo Alto Networks snaps up Talon to enhance enterprise browser security (source)
  • Myrror Security seals $6m in seed funding to tackle software supply chain threats (source)
  • Threat-informed defense startup Tidal Cyber raises $5M for platform growth (source)

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues!

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

© 2019-present, CloudSecList by Marco Lancini.