Release Date: 17/12/2023 | Issue: 218
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
๐ŸŽ„ Holiday Break ๐ŸŽ„
After this issue, I will take a couple weeks off to disconnect and recharge.
CloudSecList will return in January!
Sponsor

Has Your Secret Leaked?
HasMySecretLeaked detects if secrets like API keys are exposed on public GitHub. It scans a comprehensive database of over 20 million leaks, hashes secrets in the local environment, and securely detects exposure. Additionally, it can be connected to vaults or .env files, enabling teams to shift security left and ensure integrity at each deployment stage.
Proactively Protect Your Code with HasMySecretLeaked

This week's articles


Introducing CloudSecGPT: Your Go-To AI for Cloud Security Insights
CloudSecGPT is a custom-built generative AI model that specializes in cloud security. Disclaimer: I wrote this post.   #announcement


Enforcing Device Trust on Code Changes
How the Figma security engineering team leveraged commit signatures and Okta Device Trust certificates to protect GitHub release branches.   #ci/cd   #defend


AWS Security Services Best Practices
Best practices for configuring AWS security services. From the AWS team.   #aws   #defend


Cloud services as exfiltration mechanisms
This article outlines how as an adversary you can use an AWS service to exfiltrate data.   #attack   #aws


Unauthenticated Access to GCP Dataproc Can Lead to Data Leak
A lack of security controls of the underlying Open Source Software (OSS) managed solution allows an attacker with knowledge of the Dataproc IP address to access it without any authentication.   #attack   #gcp


Intercepting MFA. Phishing and Adversary in The Middle attacks
Post outlining the rise of Adversary in The Middle (AiTM) attacks in compromising Microsoft 365 environments, bypassing MFA, and highlights the severe impact due to the reliance on Microsoft 365 SSO for various services.   #attack   #microsoft   #saas


Quick Tip: Minimizing Terraformed SCPs
How to tackle character limits in SCPs.   #aws   #build


Threat actors misuse OAuth applications to automate financially driven attacks
The threat actors misused the OAuth applications with high privilege permissions to deploy virtual machines (VMs) for cryptocurrency mining, establish persistence following business email compromise (BEC), and launch spamming activity using the targeted organization's resources and domain name.   #attack   #saas


Scaling vulnerability management across thousands of services and more than 150 million findings
GitHub shares insights about how they run a scalable vulnerability management program built on top of GitHub.   #build   #ci/cd

Sponsor CloudSecList in 2024

If you want to get your product or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, take a look at:
๐Ÿ”— cloudseclist.com/sponsor

Tools


serverless-log
Serverless transparency log.


AWSAttacks
This repo contains IOC, malware and malware analysis associated with AWS cloud. You can also refer to the companion blog post.


CloakQuest3r
Uncover the true IP address of websites safeguarded by Cloudflare.


dnsteal
DNS Exfiltration tool for stealthily sending files over DNS requests.


iam-eks-user-mapper
A tool to automatically give AWS IAM users access to your Kubernetes cluster.


flowpipe
Flowpipe is a cloud scripting engine, providing automation and workflows to connect your clouds to the people, systems and data.

From the cloud providers


#AWS   Amazon CloudWatch Logs announces streaming API support for Live Tail
You can now view your logs interactively in real-time as they're ingested within your own custom applications or dashboards inside or outside of AWS.


#AWS   Governance at scale: Enforce permissions and compliance by using policy as code
How to automate Config and Control Tower checks.


#GCP   Introducing Cloud SQL IAM group authentication
New IAM groups authentication in Cloud SQL simplifies granting/revoking access to database objects at scale.


#GCP   Utilizing BigQuery to Analyze Exported Chronicle SIEM Archives
This post explores how to use the Data Export API, and effectively query exported raw logs using SQL statements in GCP BigQuery.


#GCP   Migrate from service account keys
An article that describes the process for migrating from service account keys to more secure authentication methods.


#AZURE   Securing AD CS: Microsoft Defender for Identity's Sensor Unveiled
Active Directory Certificate Services (AD CS) is commonly used in Active Directory environments to manage Public Key Infrastructure (PKI) and it plays a critical role in instrumenting digital certificates.

Business News

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐Ÿ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
ยฉ 2019-present CloudSecList ยท Marco Lancini