Release Date: 04/02/2024 | Issue: 223
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

The 2024 Cloud-Native Security and Usage Report from Sysdig is hot off the press!
Data from the global report reveals that identity and access management remains the most overlooked cloud attack risk. 98% of permissions go unused, leaving access exposed to attackers.
Do you opt for speed and convenience or follow security best practices? Whether you’re a security leader or hands-on practitioner, you’ll find invaluable information in the report to fuel your cloud security strategy.
Read this blog to learn more, including the top 5 trends for 2024.

This week's articles


Leaky Vessels: Docker and runc Container Breakout Vulnerabilities
Snyk Security Labs Team has identified four container breakout vulnerabilities in core container infrastructure components including Docker and runc, which also impacts Kubernetes.   #attack   #containers   #kubernetes


The curious case of [email protected]
An AWS incident response story, including the techniques used by the threat actor.   #attack   #aws   #monitor


The Risks of a Leaked Stripe API Key
Millions of businesses use Stripe's payment processing platform every day. What could happen if a Stripe API key is leaked (or stolen)?   #attack   #saas


On Reviewing Employee Accesses Managed Through Okta
How Mercari's Security team approached the challenge of reviewing user access permissions in Okta, while dealing with legacy configurations and practices.   #defend   #saas


Excessive Expansion: Uncovering Critical Security Vulnerabilities in Jenkins
This blog uncovers two vulnerabilities that could potentially allow an attacker to gain Remote Code Execution on a Jenkins instance.   #attack   #ci/cd


GKE/Gmail vulnerability: notes and tips
Security researchers have discovered a new Google Kubernetes Engine misconfiguration that could allow attackers with a basic Gmail account to take control of a Kubernetes (k8s) cluster.   #attack   #gcp   #kubernetes


Azure Arc as persistence technique: stealthier than one would think on Linux servers
A post analyzing how Azure Arc could be used as a persistence vector on Linux servers, and what kind of logs it would generate on the host.   #attack   #azure   #monitor


Behind the Scenes: Countering DDoS attacks with the power of cloud
Oracle Cloud details the rise and evolution of DDoS attacks, plus how scalable cloud architecture can mitigate the slew of malicious traffic.   #defend


Dependency Confusions in Docker and remote pwning of your infra
A dependency confusion is a supply chain attack in which an attacker poisons the build by forcing the build system to retrieve their malicious dependency from somewhere on the internet instead of the legitimate internal dependency.   #attack   #ci/cd


CIEM Part 2: Measure risk probability in IAM
A post that attempts to classify which IAM Roles and IAM Users are the most likely candidates for an attack.   #aws   #iam


KMS Key Policy Privilege Escalation
How can IAM identities escalate privileges to access customer-managed KMS keys protected by a key policy?   #attack   #aws   #iam


Scanning Git for Secrets: The 2024 Comprehensive Guide
How to use TruffleHog to scan git for exposed secrets.   #ci/cd   #defend

Sponsor

Elevate Your AWS Security with Prowler
Prowler SaaS makes it easy to discover what is important in your AWS environment and make it more secure. Prioritize critical aspects with actionable insights, gaining control over your cloud workloads and ensuring continuous monitoring. Ready to elevate your cloud security game?
Sign up now for a free trial

Tools


PoiEx
Visualize and explore IaC. Create and share notes in VS Code. Sync notes and findings in real-time with friends. You can also refer to the companion blog post.


action-tmate
Debug your GitHub Actions via SSH by using tmate to get access to the runner system itself.


Jira-Lens
A fast and customizable vulnerability scanner for JIRA.


GraphRunner
A Post-exploitation Toolset for Interacting with the Microsoft Graph API.


github-to-aws
Set up GitHub Actions to deploy to AWS.

From the cloud providers


#AWS   Export a Software Bill of Materials using Amazon Inspector
How to export a consolidated SBOM for the resources monitored by Amazon Inspector across your organization in industry-standard formats, including CycloneDX and SPDX.


#AWS   Ransomware on RDS - Security Event Simulation and Detection
This workshop simulates unauthorized data deletion events on an Amazon RDS instance and walks through some of the detection mechanisms employed by the AWS CIRT (Customer Incident Response Team) to respond to such security events.


#GCP   Announcing general availability of Custom Org Policy to help tailor resource guardrails with confidence
Custom Organization Policies are now generally available. This powerful new extension to Org Policies can create granular resource policies to address cloud governance requirements.


#GCP   Getting Started with Detection-as-Code and Chronicle Security Operations
Automate your Detection Engineering workflows by building a CI/CD pipeline to deploy & manage detection rules in Chronicle Security Operations.


#AZURE   Public preview: Disable Secure Shell (SSH) support in AKS
You can now disable SSH for AKS to reduce the attack surface on your cluster.


#AZURE   Generally Available: Support for Cross Region Restore for PostgreSQL backups
Cross Region Restore for Backup vaults using Azure Backup is now generally available.


#AZURE   Public preview: Istio add-on for AKS now supports plug-in certificate authority (CA)
You can now bring your own certificates and keys to use with Istio add-on for signing workload certificates for improved security.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini