Release Date: 03/12/2023 | Issue: 216
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
The re:Invent edition
With re:Invent happening this past week, this CloudSecList issue will have a more extensive section showcasing the primary security-related announcements that came out of it.
Back to business as usual from next week!
Sponsor

Teleport Assist: AI-powered conversation with your infrastructure
Teleport Assist utilizes GPT-4 to answer questions, bring insights, perform operations, and request access to your infrastructure using natural language. Teleport Assist can act as an assistant, running a playbook and queries with your permissions.
Try Teleport Assist for free for 14 days with Teleport Team

This week's articles


Preventing Accidental Internet-Exposure of AWS Resources
Many AWS customers have suffered breaches due to exposing resources to the Internet by accident. This three-part series walks through different ways to mitigate that risk.   #aws   #defend


How fast is CloudTrail today? Investigating CloudTrail delays using Athena
Investigating how long CloudTrail takes to deliver events in 2023.   #aws   #monitor


Deep dive into the new Amazon EKS Pod Identity feature
Earlier this week, AWS released a new feature, EKS Pod Identity, that aims to simplify granting AWS access to pods running in an EKS cluster. This post deep-dives into how this feature works, some elements that make it unique, and why you might consider using it.   #aws   #iam   #kubernetes


Pwning Cloud Contexts, The Endgame
Slides from a Black Hat MEA 2023 talk discussing how a GitHub token led to the compromise of an entire GCP organization.   #attack   #ci/cd   #gcp


What Is GitOps And Why Is It (Almost) Useless?
A post that critically assesses GitOps, focusing on the complexities and challenges it presents in managing multiple environments, handling secrets, and its comparison with CI Ops.   #ci/cd   #kubernetes


All the Small Things: Azure CLI Leakage and Problematic Usage Patterns
Post discussing the unintentional leakage of Azure Application Variables in GitHub build logs due to Azure CLI's default behavior.   #attack   #azure


Using Falco to Create Custom Identity Detections
Post exploring Falco's adaptable rule logic and providing a real-world example of crafting custom rules derived directly from Okta audit logs.   #falco   #monitor

Sponsor CloudSecList in 2024

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can take a look at:
🔗 cloudseclist.com/sponsor

Tools


cloudtrail2sightings
Convert cloudtrail data to MITRE ATT&CK Sightings.


azurechatgpt
Private & secure ChatGPT for internal enterprise use.


IMDSpoof
IMDSPOOF is a cyber deception tool that spoofs the AWS IMDS service to return HoneyTokens that can be alerted on.


IceKube
IceKube is a tool to help find attack paths within a Kubernetes cluster from a low privileged point, to a preferred location, typically cluster-admin. You can also refer to the companion blog post.

From the cloud providers


#AWS   [IAM] Upcoming improvements to your AWS sign-in experience
Starting in mid-2024, AWS will introduce a series of UI improvements to the AWS sign-in pages.


#AWS   [IAM] How to use the PassRole permission with IAM roles
Post explaining iam:PassRole, how you use it to interact with AWS services and resources, and the three prerequisites to successfully pass a role to a service.


#AWS   [IAM] Introducing IAM Access Analyzer custom policy checks
AWS announced the general availability of IAM Access Analyzer custom policy checks, a new IAM Access Analyzer feature that helps customers accurately and proactively check IAM policies for critical permissions and increases in policy permissiveness.


#AWS   [IAM] Amazon EKS Pod Identity simplifies IAM permissions for applications on Amazon EKS cluster
This enhancement provides a seamless, easy-to-configure experience that lets you define the IAM permissions your applications in EKS clusters require so they can connect to AWS services outside the cluster.


#AWS   [IAM] IAM Access Analyzer updates: Find unused access, check policies before deployment
AWS launched two new features for IAM Access Analyzer today: Unused Access Analyzer, and Custom Policy Checks.


#AWS   [Config] AWS Config now supports periodic recording: Efficiently scale your change tracking
Periodic recording captures the latest configuration changes of your resources once every 24 hours, reducing the number of changes delivered.


#AWS   [GuardDuty] Detect runtime security threats in Amazon ECS and AWS Fargate, new in Amazon GuardDuty
AWS announced Amazon GuardDuty ECS Runtime Monitoring to help detect potential runtime security issues in ECS clusters running on both AWS Fargate and EC2.


#AWS   [SecurityHub] Introducing new central configuration capabilities in AWS Security Hub
With the release of the new central configuration feature of Security Hub, the setup and management of control and policy configurations is simplified and centralized to the same account you have already been using to aggregate findings.


#AWS   [Detective] Amazon Detective adds new capabilities to accelerate and improve your cloud security investigation
Detective added four new capabilities to help you save time and strengthen your security operations.


#AWS   [CloudWatch] Amazon CloudWatch Logs now offers automated pattern analytics and anomaly detection
CloudWatch has added new capabilities to automatically recognize and cluster patterns among log records, extract noteworthy content and trends, and notify you of anomalies using advanced machine learning (ML) algorithms.


#AWS   [CloudWatch] CloudWatch now supports hybrid and multicloud metrics querying and alarming
With this feature, you can consolidate and visualize metrics from sources such as Amazon OpenSearch Service, Amazon Managed Service for Prometheus, Azure Monitor, your own custom data sources, and query those metrics in real time.


#AWS   [S3] Scaling data access with Amazon S3 Access Grants
AWS recently announced a new feature that allows users to map identities in directories such as Microsoft Entra and Okta to datasets in Amazon S3.


#AWS   [ControlTower] AWS Control Tower adds new controls to help customers meet digital sovereignty requirements
AWS added to AWS Control Tower a set of 65 purpose-built controls to help you meet your digital sovereignty requirements.


#AWS   Announcing AWS Console-to-Code (Preview) to generate code for console actions
AWS Console-to-Code makes it easy to convert actions performed in the console to reusable code, in the language of your choice.

Business News

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini