Release Date: 28/01/2024 | Issue: 222
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Feeling lost in the vulnerability maze? Backslash empowers your AppSec teams to prioritize and uncover risks in your application code with precision. Say goodbye to old-school AppSec tools—Backslash kicks SAST, SCA, Secrets, Licenses, and more to the curb! Take back control of your AppSec strategy!
Explore Backslash Now or Download our ASPM ebook for valuable insights and strategies. Download Ebook Now

This week's articles


A Recipe for Scaling Security
There are vastly more engineers at Google dedicated to creating and maintaining new products than there are security engineers working to secure products. For this reason, Google security has to focus on operating at scale and find ways to make meaningful security improvements across Google's vast portfolio of services.   #strategy


Azure Attack Paths
Post shedding some light on known attack paths in an Azure environment.   #attack   #azure


Mastering Kubernetes security: Safeguarding your container kingdom
Post outlining a Kubernetes security model and analyzing the threat landscape to provide security analysts with a better understanding of their organization's Kubernetes environment.   #defend   #kubernetes


Kubernetes Scheduling And Secure Design
Having a security-oriented scheduling strategy can help to reduce the overall risk of workload compromise in a comprehensive security design. If critical workloads are separated at the scheduling decision, the blast radius of a compromised pod is reduced.   #attack   #defend   #kubernetes


Forging signed commits on GitHub
A bug in an internal GitHub API that allowed attackers to trick the internal API into signing commits as any user.   #attack   #ci/cd


How least privilege leads to a false sense of security
A view on least privilege arguing that applying it can mislead us into a false sense of security.   #aws   #defend


Sys:All Google Kubernetes Engine Risk
The Orca Research Pod has discovered a risk in Google Kubernetes Engine (GKE) that would allow an attacker with any Google account to take over a Kubernetes cluster. You can also read the follow-up blog post.   #attack   #gcp   #kubernetes

Sponsor

Simplify Cloud Security with Prowler's Expertise
Prowler offers an effortless approach to AWS security, providing clear, actionable insights to protect your cloud assets. With our continuous monitoring and advanced threat detection, you can focus on what's important while we handle the complexities of cloud security. Secure your AWS environment more effectively.
Sign up for your free trial today!

Tools


aws-scps-for-sandbox-and-training-accounts
Collection of example Service Control Policies (SCPs) that are useful for sandbox and training AWS accounts.


awesome-billing
Billing & Payments knowledge for cloud platforms.


notation
A CLI tool to sign and verify artifacts.


data-perimeter-policy-examples
Example policies demonstrating how to implement a data perimeter on AWS.


oci-seccomp-bpf-hook
OCI hook to trace syscalls and generate a seccomp profile.

From the cloud providers


#AWS   How to build a unified authorization layer for identity providers with Amazon Verified Permissions
How you can use multiple Amazon Cognito user pools alongside Amazon Verified Permissions to build a single access layer to APIs.


#AWS   How Zurich Insurance Group built their Scalable Account Vending process using AWS Account Factory for Terraform
By adopting AWS Control Tower Account Factory for Terraform, Zurich were able to achieve the scalability, resilience and performance to support provisioning of a projected 3000+ accounts.


#AZURE   Azure Network Watcher introduces Connectivity Check (Preview)
The Azure Network Watcher Connectivity Check feature helps to drastically reduce the time needed to detect connectivity issues in the infrastructure.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini