Release Date: 10/12/2023 | Issue: 217
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
A security risk discovered in the Google Cloud Platform domain-wide delegation feature allows a user to generate an access token to Google Workspace, granting unauthorized access to data and other key tools.
#attack #gsuite
If you're an investigator and a Gmail address is involved in an incident, the dots in that address may cause you to miss valuable data if you are not aware of the gotchas that result from this situation.
#gsuite #monitor
The article advises securing Amazon API Gateway by setting default authorizers and applying resource policies for IAM authentication, to prevent accidental exposure and enhance security through defense in depth.
#aws #defend
A post highlighting the "terraform-null-label" module, diving into what it is, why it's great, and some potential use cases in Terraform configurations.
#build #terraform
A look at the APIs used by Kubernetes in its operation and how they're secured.
#defend #kubernetes
Analyzes CloudTrail data of a given AWS account and generates a summary of recently active IAM principals, API calls they made and regions that were used.
A new capability of Route 53 Application Recovery Controller that you can enable to automatically and safely shift your workload's traffic away from an Availability Zone when AWS identifies a potential failure affecting that Availability Zone and shift it back once the failure is resolved.
Amazon Inspector can now continuously monitor your Amazon Elastic Compute Cloud (Amazon EC2) instances without installing an agent or additional software.
Three ways to improve your cross-account access implementation for your products: using IAM roles and an external ID, using least-privilege IAM policies and role chaining, and using role tags and session tags for attribute-based access control.
How to build a secure CI/CD pipeline using Google Cloud's built-in services: Cloud Build, Cloud Deploy, Artifact Registry, Binary Authorization and GKE.