Release Date: 17/12/2023 | Issue: 218
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
๐ Holiday Break ๐ After this issue, I will take a couple weeks off to disconnect and recharge. CloudSecList will return in January!
Sponsor
Has Your Secret Leaked? HasMySecretLeaked detects if secrets like API keys are exposed on public GitHub. It scans a comprehensive database of over 20 million leaks, hashes secrets in the local environment, and securely detects exposure. Additionally, it can be connected to vaults or .env files, enabling teams to shift security left and ensure integrity at each deployment stage. Proactively Protect Your Code with HasMySecretLeaked
How the Figma security engineering team leveraged commit signatures and Okta Device Trust certificates to protect GitHub release branches.
#ci/cd #defend
A lack of security controls of the underlying Open Source Software (OSS) managed solution allows an attacker with knowledge of the Dataproc IP address to access it without any authentication.
#attack #gcp
Post outlining the rise of Adversary in The Middle (AiTM) attacks in compromising Microsoft 365 environments, bypassing MFA, and highlights the severe impact due to the reliance on Microsoft 365 SSO for various services.
#attack #microsoft #saas
The threat actors misused the OAuth applications with high privilege permissions to deploy virtual machines (VMs) for cryptocurrency mining, establish persistence following business email compromise (BEC), and launch spamming activity using the targeted organization's resources and domain name.
#attack #saas
GitHub shares insights about how they run a scalable vulnerability management program built on top of GitHub.
#build #ci/cd
Sponsor CloudSecList in 2024
If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, take a look at: ๐ cloudseclist.com/sponsor
Active Directory Certificate Services (AD CS) is commonly used in Active Directory environments to manage Public Key Infrastructure (PKI) and it plays a critical role in instrumenting digital certificates.