CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Prioritize Your Most Harmful Cloud Security Risks Rapid changes in the cloud without automated security create a perfect stormβa proliferation of misconfigurations and vulnerabilities that generate excessive security alerts. Without the context, security professionals waste time assessing and addressing low-level risks, leaving the organization vulnerable. Eliminate alert noise:
The article discusses a security vulnerability in Azure Function Apps, where Linux containers use an encrypted startup context file that can be decrypted to expose sensitive data, including Managed Identity certificates.
Post analyzing a well-known attack vector and then showing how to build a module for Stratus Red Team, a self-contained binary we can use to detonate offensive attack techniques against a live cloud environment easily.
A list of the best Cloud Security tools on the market based on hands on use with clear categorization of when to use cloud native, open source, or commercial tools.
Compare the costs of V1 and V2 CodePipeline types based on historic usage.
Sponsor CloudSecList
If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at π¨ [email protected] π¨
AWS Audit Manager customers can now access a prebuilt standard framework to help gain visibility into how their generative AI implementation on Amazon Bedrock is working against AWS recommended best practices.
Amazon announced the availability of the CloudFront security dashboard, a unified experience that brings AWS WAF visibility and controls directly to your CloudFront distribution.
You now have the ability to disable public sharing of new, and optionally existing, Amazon Elastic Block Store (Amazon EBS) snapshots on a per-region, per-account basis.
A solution that provides you with visibility into sensitive data residing across a fleet of AWS accounts through a ChatOps-style notification mechanism using Microsoft Teams, which also provides contextual information needed to conduct security investigations.
Amazon CodeWhisperer, Amazon CodeGuru and Amazon Inspector not only aids in early risk identification and mitigation, it empowers your development and security teams, leading to more efficient and secure business outcomes.
New Data Loss Prevention (DLP) rules with Context-Aware conditions can provide the ability to control sensitive information transfers based on user and device attributes.
Azure Monitor alerts as a destination in Event Grid event subscriptions allow you to receive notification of critical events via action groups as Short Message Service (SMS), email, push notification, and more.
