Release Date: 10/12/2023 | Issue: 217
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Give Your GRC Some TLC
Simplify your security and manage compliance 80% faster with automated evidence collection and control monitoring.
See why 3,500+ customers choose Drata to automate compliance for SOC 2, ISO 27001, GDPR, and 14 other frameworks with none of the manual work. That’s right—no screenshots or spreadsheets. Plus, you get a real-time view of your compliance status so you’re never caught off guard before an audit.
Want to see the automation in action? Request a demo to get 10% off and waived implementation fees.
[Get a Demo]

This week's articles


Exploring a Critical Risk in Google Workspace's Domain-Wide Delegation Feature
A security risk in Google Cloud Platform's domain-wide delegation feature that lets a GCP user mint Google Workspace access tokens, granting unauthorized access to Workspace data and other key tools.   #attack   #gsuite


Making Okta do keylogging for you
How to make Okta itself do the keylogging for you, without needing to host a malicious SAML server on your own malicious domain.   #attack   #saas


Dots do matter: Why dots in Gmail addresses impact Google Workspace investigations
If you're an investigator and a Gmail address is involved in an incident, those dots may cause you to miss valuable data unless you are aware of the gotchas they introduce.   #gsuite   #monitor
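The practical consequence for log searches, as an added example (not code from the linked article): Google ignores dots in the local part of consumer Gmail addresses (gmail.com and googlemail.com), so the same external mailbox can show up in Workspace audit events under several spellings, while for Workspace custom domains the dots are significant and must be kept. The audit events below are constructed sample data, not real logs.

```python
"""Gmail address canonicalisation for Workspace log searches.

Added example (not code from the linked article). The rule it encodes: for
consumer Gmail (gmail.com / googlemail.com) Google ignores dots in the local
part, so "john.doe@gmail.com" and "johndoe@googlemail.com" deliver to one
mailbox and may appear in logs in either spelling. For Google Workspace
custom domains dots are significant and must be kept.
"""

CONSUMER_GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}


def canonicalize(address: str) -> str:
    """Return a comparison key: lower-cased, googlemail.com folded into
    gmail.com, and dots removed from the local part only for consumer Gmail."""
    address = address.strip().lower()
    if "@" not in address:
        raise ValueError(f"not an e-mail address: {address!r}")
    local, domain = address.rsplit("@", 1)
    if domain == "googlemail.com":
        domain = "gmail.com"
    if domain in CONSUMER_GMAIL_DOMAINS:
        local = local.replace(".", "")
    return f"{local}@{domain}"


def same_mailbox(a: str, b: str) -> bool:
    return canonicalize(a) == canonicalize(b)


# Constructed sample of Drive sharing events (not real log data). The
# external recipient appears once with dots and once via googlemail.com.
SAMPLE_EVENTS = [
    {"time": "2023-12-01T09:12:03Z", "actor": "alice@corp.example",
     "event": "share", "target": "john.doe@gmail.com", "doc": "Q4-plan"},
    {"time": "2023-12-01T09:40:51Z", "actor": "alice@corp.example",
     "event": "share", "target": "JohnDoe@googlemail.com", "doc": "salaries"},
    {"time": "2023-12-01T10:02:17Z", "actor": "bob@corp.example",
     "event": "share", "target": "j.doe@corp.example", "doc": "roadmap"},
    {"time": "2023-12-01T10:15:44Z", "actor": "carol@corp.example",
     "event": "share", "target": "jdoe@corp.example", "doc": "budget"},
]


def events_for_address(events, address, fields=("actor", "target")):
    """Events where any of `fields` refers to the same mailbox as `address`."""
    key = canonicalize(address)
    return [e for e in events if any(canonicalize(e[f]) == key for f in fields)]


def naive_events_for_address(events, address, fields=("actor", "target")):
    """Exact string match, which is what a plain log search does."""
    return [e for e in events if any(e[f] == address for f in fields)]


if __name__ == "__main__":
    suspect = "johndoe@gmail.com"
    print("naive:", [e["doc"] for e in naive_events_for_address(SAMPLE_EVENTS, suspect)])
    print("canonical:", [e["doc"] for e in events_for_address(SAMPLE_EVENTS, suspect)])
    # Workspace domain: j.doe and jdoe are two different users, so no match.
    print(same_mailbox("j.doe@corp.example", "jdoe@corp.example"))
```

Run it as is and the exact-match search for the suspect address returns nothing, while the canonicalised search returns both sharing events; the two corp.example users stay distinct because dots are only stripped for consumer Gmail domains.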


Cloudypots: Our Latest Method for Uncovering Novel Attack Techniques
A new method to run honeypot VMs using OpenStack for discovering new malware and attack vectors.   #monitor


Avoid accidental exposure of authenticated Amazon API Gateway resources
How to secure Amazon API Gateway by setting a default authorizer and applying resource policies that require IAM authentication, so that a method accidentally left without an authorizer is not exposed (defense in depth).   #aws   #defend
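A way to find the accidental exposure the post warns about, as an added example that is not code from the AWS post: walk the shape returned by the API Gateway `get_resources` call with `embed=["methods"]` (each resource carries a `resourceMethods` map whose entries have an `authorizationType`) and flag every method set to `NONE`, then check whether the API's resource policy would still let an anonymous caller through. The resources and policies below are constructed sample data, and treating an API key as "not authentication" follows AWS's own distinction between usage plans and identity.

```python
"""Audit an API Gateway REST API for methods reachable without authentication.

Added example, not code from the AWS post. It walks the shape returned by
get_resources(restApiId=..., embed=["methods"]) (each resource has a
`resourceMethods` map whose values carry `authorizationType`) and flags
methods whose authorizationType is NONE. An API key is not treated as
authentication: it is a usage-plan mechanism, not an identity check.
"""

# Constructed sample shaped like get_resources(embed=["methods"]) output.
SAMPLE_RESOURCES = [
    {"id": "a1b2c3", "path": "/", "resourceMethods": {}},
    {"id": "d4e5f6", "path": "/orders",
     "resourceMethods": {
         "GET": {"httpMethod": "GET", "authorizationType": "AWS_IAM"},
         "POST": {"httpMethod": "POST", "authorizationType": "NONE"},
         "OPTIONS": {"httpMethod": "OPTIONS", "authorizationType": "NONE"},
     }},
    {"id": "g7h8i9", "path": "/orders/{id}",
     "resourceMethods": {
         "DELETE": {"httpMethod": "DELETE", "authorizationType": "CUSTOM",
                    "authorizerId": "abc123"},
         "GET": {"httpMethod": "GET", "authorizationType": "NONE",
                 "apiKeyRequired": True},
     }},
]


def find_unauthenticated_methods(resources, allow_options=True):
    """Return [{"path", "method", "reason"}] for every method with no authorizer.

    OPTIONS is skipped by default because CORS preflight must be anonymous;
    pass allow_options=False to list it too.
    """
    findings = []
    for res in resources:
        for verb, method in (res.get("resourceMethods") or {}).items():
            if allow_options and verb == "OPTIONS":
                continue
            auth = method.get("authorizationType", "NONE")
            if auth != "NONE":
                continue
            reason = "no authorizer"
            if method.get("apiKeyRequired"):
                reason += " (API key is not authentication)"
            findings.append({"path": res["path"], "method": verb, "reason": reason})
    return findings


def policy_allows_anonymous(resource_policy):
    """Coarse check of an API Gateway resource policy: an Allow statement with
    Principal "*" and no Condition lets anonymous callers invoke any method
    that is itself set to NONE, so the policy adds no defence in depth."""
    for st in resource_policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        principal = st.get("Principal")
        if principal in ("*", {"AWS": "*"}) and not st.get("Condition"):
            return True
    return False


# Two constructed resource policies: the wide-open one, and one that names
# only the owning account so an anonymous request has no statement allowing it.
OPEN_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow", "Principal": "*",
                   "Action": "execute-api:Invoke", "Resource": "execute-api:/*"}],
}
ACCOUNT_SCOPED_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{"Effect": "Allow",
                   "Principal": {"AWS": "arn:aws:iam::123456789012:root"},
                   "Action": "execute-api:Invoke", "Resource": "execute-api:/*"}],
}


if __name__ == "__main__":
    for f in find_unauthenticated_methods(SAMPLE_RESOURCES):
        print(f"{f['method']:7} {f['path']:14} {f['reason']}")
    print("open policy allows anonymous:", policy_allows_anonymous(OPEN_POLICY))
    print("scoped policy allows anonymous:", policy_allows_anonymous(ACCOUNT_SCOPED_POLICY))
```

On real data, feed the `items` list from `boto3.client("apigateway").get_resources(restApiId=..., embed=["methods"])` to `find_unauthenticated_methods` and the parsed `policy` field of `get_rest_api` to `policy_allows_anonymous`; the policy check is deliberately coarse and only catches the unconditional wildcard case.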


terraform-null-label: the why and how it should be used
A post highlighting the "terraform-null-label" module, diving into what it is, why it's great, and some potential use cases in Terraform configurations.   #build   #terraform


Kubernetes security fundamentals: API Security
A look at the APIs Kubernetes uses in its operation and how they're secured.   #defend   #kubernetes

Sponsor

Security practitioners are understaffed and overworked, and 55% of them are likely to switch jobs in the next year.
That’s according to a new report by Tines featuring perspectives from 900 security professionals in the US and Europe. The free-to-access report includes insights into the top frustrations facing security teams, which leaders can use to improve retention and tackle burnout at the source.
Learn more in the 2023 Voice of the SOC report

Tools


BlueHound
A tool to scan internal networks and show IT teams the paths an attacker could take if they ever compromised them.


vault-plugin-database-cloudsql
HashiCorp Vault plugin to connect to Cloud SQL instances. You can also refer to the companion blog post.


rtx
Rtx is a tool for managing programming language and tool versions.


terraform-aws-github-runner
Terraform module for scalable GitHub action runners on AWS.


aws-summarize-account-activity
Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made and regions that were used.

From the cloud providers


#AWS   Zonal autoshift - Automatically shift your traffic away from Availability Zones when we detect potential issues
A new capability of Route 53 Application Recovery Controller that you can enable to automatically and safely shift your workload's traffic away from an Availability Zone when AWS identifies a potential failure affecting that Availability Zone and shift it back once the failure is resolved.


#AWS   Three new capabilities for Amazon Inspector broaden the realm of vulnerability scanning for workloads
Amazon Inspector can now continuously monitor your Amazon Elastic Compute Cloud (Amazon EC2) instances without installing an agent or additional software.


#AWS   How to improve cross-account access for SaaS applications accessing customer accounts
Three ways to improve your cross-account access implementation for your products: using IAM roles and an external ID, using least-privilege IAM policies and role chaining, and using role tags and session tags for attribute-based access control.
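The first of those three, in working form, as an added example that is not code from the AWS post: a generator for the customer-side trust policy that pins the SaaS principal and requires an external ID (with `sts:TagSession` allowed so the SaaS can pass session tags for ABAC), and an auditor that reports foreign principals allowed to assume a role without an `sts:ExternalId` condition, which is the confused-deputy gap the external ID closes. The SaaS role ARN, account IDs and the weak policy are constructed assumptions.

```python
"""Cross-account trust policies for a SaaS integration: build one with an
external ID, and audit existing ones for the confused-deputy gap.

Added example, not code from the AWS post. Assumptions: the SaaS assumes
the customer role from a fixed role ARN in its own account, and the
external ID is a per-customer secret the SaaS generates.
"""
import json
import secrets


def build_saas_trust_policy(saas_role_arn, external_id, allow_session_tags=True):
    """Trust policy for the customer-side role: only `saas_role_arn` may
    assume it, and only when it presents the customer's external ID.
    sts:TagSession is included so the SaaS can pass session tags for ABAC."""
    actions = ["sts:AssumeRole"] + (["sts:TagSession"] if allow_session_tags else [])
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"AWS": saas_role_arn},
            "Action": actions,
            "Condition": {"StringEquals": {"sts:ExternalId": external_id}},
        }],
    }


def account_of(principal):
    """'123456789012' or 'arn:aws:iam::123456789012:root' -> '123456789012'."""
    if principal.isdigit() and len(principal) == 12:
        return principal
    parts = principal.split(":")
    return parts[4] if len(parts) >= 6 and parts[0] == "arn" else None


def _aws_principals(statement):
    principal = statement.get("Principal")
    if principal == "*":
        return ["*"]
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return [aws] if isinstance(aws, str) else list(aws)
    return []


def _requires_external_id(statement):
    cond = statement.get("Condition", {})
    return "sts:ExternalId" in cond.get("StringEquals", {})


def foreign_principals_without_external_id(trust_policy, own_account_id):
    """Principals outside `own_account_id` that may AssumeRole without an
    sts:ExternalId condition. A wildcard principal is always reported."""
    findings = []
    for st in trust_policy.get("Statement", []):
        if st.get("Effect") != "Allow":
            continue
        actions = st.get("Action", [])
        actions = [actions] if isinstance(actions, str) else actions
        if not any(a in ("sts:AssumeRole", "sts:*", "*") for a in actions):
            continue
        if _requires_external_id(st):
            continue
        for p in _aws_principals(st):
            if p == "*" or account_of(p) != own_account_id:
                findings.append(p)
    return findings


# Constructed trust policy of the kind a vendor onboarding doc might hand out
# before an external ID was added: the whole vendor account may assume the role.
WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": "arn:aws:iam::111122223333:root"},
        "Action": "sts:AssumeRole",
    }],
}

if __name__ == "__main__":
    external_id = secrets.token_urlsafe(24)
    good = build_saas_trust_policy("arn:aws:iam::111122223333:role/saas-integration", external_id)
    print(json.dumps(good, indent=2))
    print("weak:", foreign_principals_without_external_id(WEAK_POLICY, "999988887777"))
    print("good:", foreign_principals_without_external_id(good, "999988887777"))
```

On the SaaS side the matching call is `sts.assume_role(RoleArn=..., RoleSessionName=..., ExternalId=external_id, Tags=[...])`; the auditor only accepts `StringEquals` on `sts:ExternalId`, since a `StringLike` with a wildcard would not pin the value.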


#AWS   Optimize AWS administration with IAM paths
How to use IAM paths to organize IAM policies and roles, with examples you can use as a foundation for your own use cases.


#AWS   Use IAM Roles Anywhere to help you improve security in on-premises container workloads
How to help meet your security goals for a containerized process running outside of AWS as part of a hybrid cloud architecture.


#GCP   Threat Detection, Investigation, and Response in the Cloud
A paper from Google which seeks to offer an understanding of why threat detection, investigation, and response (TDIR) is different in the cloud.


#GCP   DevSecOps and CICD using Google Cloud Built-in Services
How to build a secure CI/CD pipeline on Google Cloud with Cloud Build, Cloud Deploy, Artifact Registry, Binary Authorization and GKE.


#AZURE   Microsoft Incident Response lessons on preventing cloud identity compromise
Different scenarios involving misconfigured hybrid identity setups that could lead to compromise of Microsoft Entra ID.

Business News

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini