Release Date: 14/01/2024 | Issue: 220
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

This week's articles


Fuzzing and Bypassing the AWS WAF
The Sysdig Threat Research Team discovered techniques that allowed the AWS WAF to be bypassed using a specialized DOM event.   #attack   #aws


Exploring FBot | Python-Based Malware Targeting Cloud and Payment Services
FBot arms threat actors with a multi-function attack tool designed to hijack cloud, SaaS and web services.   #attack   #saas


Deep dive into AWS CloudShell
AWS CloudShell got a new capability in January 2024: running Docker containers.   #aws   #explain


From IRC to Instant Messaging: The Rise of Malware Communication via Chat Platforms
The Datadog Security Research team has observed numerous malware families leveraging chat platforms for malicious purposes.   #attack   #saas


Hunting M365 Invaders: Blue Team's Guide to Initial Access Vectors
Discover insights from the Splunk Threat Research Team on Microsoft 365 threat detection, focusing on data source analysis and effective methods for hunting initial access threats.   #azure   #monitor


Automating Managed Identity Token Extraction in Azure Container Registries
The “Tasks” functionality can be abused by attackers to generate tokens for any Managed Identities that are attached to the ACR.   #attack   #azure


Tools


s3zipper
A tool that allows downloading S3 directories as ZIP files.


copier
Library and command-line utility for rendering project templates.


blog-devops-iamra
Enable external pipeline deployments to AWS Cloud by using IAM Roles Anywhere.


scnr
Deep file scanner tool.

From the cloud providers


#AWS   Automate Cedar policy validation with AWS developer tools
How to use developer tools on AWS to implement a build pipeline that validates the Cedar policy files against a schema and runs a suite of tests to isolate the Cedar policy logic.


#AWS   AWS Certificate Manager will discontinue WHOIS lookup for email-validated certificates
ACM will be discontinuing the use of WHOIS lookup for validating domain ownership when you request email-validated TLS certificates.

Business News

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini