Release Date: 07/01/2024 | Issue: 219
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor
Looking to protect your workloads and APIs? SlashID Gate is an authorizer service to add authentication, authorization, and rate limiting to your APIs and workloads without deploying heavy service meshes like Istio or custom-built middleware. With Gate, you can enforce OPA policies for your workloads, add fine-grained authorization through OAuth 2.0 scopes to your APIs, and implement distributed rate limiting. Additionally, Gate can tokenize API keys and access tokens for third-party services, preventing the leakage of key material at runtime.
Post deep diving into the newly released Amazon EKS cluster access management features, as well as discussing threat detection opportunities based on the newly available CloudTrail events associated with this feature.
#aws #explain #iam
Wiz cloud security researcher, Scott Piper, suggests measures organizations can adopt to ensure secure defaults on AWS and improve their security posture.
#aws #defend
The article exposes a privilege escalation vulnerability in Google Kubernetes Engine, involving misuse of FluentBit and Anthos Service Mesh, allowing attackers to gain full cluster control.
#attack #gcp #kubernetes
Post explaining how to use wolfi-base with Docker tooling, looking at Chainguard base images including "static" and "wolfi-base".
#build #containers
Sponsor CloudSecList in 2024
If you want to get your product in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, take a look at: cloudseclist.com/sponsor
An AWS credential_process credential provider that sources credentials from AWS Systems Manager's Default Host Management Configuration. It allows an EC2 instance to assume a role without an associated instance profile.
This post outlines four use cases for the On-demand malware scan feature: scan based on tag, scan on a schedule, scan as part of an investigation, and scan in a deployment pipeline.
AWS Signer is a fully managed code-signing service to help ensure the trust and integrity of your code. It helps you verify that the code comes from a trusted source and that an unauthorized party has not accessed it.
Google Cloud is launching, at no cost, a secret discovery tool in Sensitive Data Protection that can find and monitor for stored plaintext credentials.