Release Date: 18/02/2024 | Issue: 225
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Low-code workflow automation for SecOps teams
n8n is a workflow automation platform designed for technical teams. It features an intuitive user interface that allows custom code steps in Python or JavaScript, making it ideal for tasks such as threat detection, alert management, monitoring and more. Explore template examples:
  • Self-hostable with source available code
  • Integrate with any API with 400 pre-built integrations, pre-configured credentials or raw HTTP requests
  • See all the data flowing in and out of each step with just one click

This week's articles


(Almost) Every infrastructure decision I endorse or regret after 4 years running infrastructure at a startup
The author reviews infrastructure decisions over four years at a startup, covering successful choices and regrets, emphasizing AWS, EKS, managed services, automation, and the value of early adoption and GitOps.   #aws   #containers   #kubernetes   #strategy


Cloud cryptography demystified: Amazon Web Services
This post, part of a series on cryptography in the cloud, provides an overview of the cloud cryptography services offered within AWS: when to use them, when not to use them, and important usage considerations.   #aws   #explain


How to be IR Prepared in AWS
This blog aims to demystify AWS' sometimes complicated logging methods to help organizations prepare for when a security incident occurs, outlining which logs should be enabled for the purpose of incident investigations.   #aws   #monitor


Images as Code: The pursuit of declarative image builds
Chainguard's CTO Matt Moore describes the process of creating a declarative container image build for Chainguard Images.   #build   #containers


(An Attempt at) Detecting Managed Identity Abuse
The aim of this article is to provide a few examples of how Managed Identities can be misused and how to detect this abuse by utilizing the logging features within Azure & Entra.   #attack   #azure


Fargate Is Not Firecracker
A common misconception that AWS never corrected anyone about.   #aws   #explain


The Attackers Guide to Azure AD Conditional Access
Post showing why it is important to understand the Conditional Access policy evaluation process and how to find and exploit flaws in a policy design.   #attack   #azure


The Two-Headed SIEM Monster
Industry trends point to multiple SIEMs becoming a wider problem for security operations.   #monitor   #strategy


Supply Chain Vulnerability in Bazel
A GitHub Actions workflow could have been injected with malicious code due to a command injection vulnerability in one of Bazel's dependent Actions.   #attack   #ci/cd

Sponsor

Elevate Your AWS Security with Prowler
  • Discover and secure critical AWS aspects with ease
  • Gain actionable insights and control over cloud workloads
  • Continuous, cutting-edge security measures
  • Trusted by leading orgs
Ready to transform your AWS security? Start your 15 day free trial

Tools


terraform-provider-chronicle
A Terraform provider for Chronicle.


gcp-aws-iam-federation-webidentity
Creates resources needed for federating access between a GCP service account and AWS IAM role.


lolcerts
A repository of code signing certificates known to have been leaked or stolen, then abused by threat actors.


syslog-ng
Syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, queueing, SQL & NoSQL.


hurl
Hurl, run and test HTTP requests with plain text.

From the cloud providers


#AWS   How to enforce creation of roles in a specific path: Use IAM role naming in hierarchy models
This blog post explores the effective implementation of security controls within IAM roles, placing a specific focus on the IAM role's path feature.


#AWS   Announcing the Data Solutions Framework on AWS
The Data Solutions Framework on AWS is an open source framework to simplify and accelerate the implementation of data solutions.


#AWS   SaaS access control using Amazon Verified Permissions with a per-tenant policy store
How you can use Amazon Verified Permissions for access control in a multi-tenant document management SaaS application using a per-tenant policy store approach.


#GCP   TensorFlow Threat Model and Security Guidelines Update
Google announced an update to the TensorFlow threat model, providing updates to security recommendations, clear examples, and a baseline for defining scope in the Google Vulnerability Reward Program.


#GCP   Detecting Suspicious Entra ID Activity Using Office 365 Logs
A set of detections that you can leverage in Chronicle with your Azure Active Directory (Entra ID).


#AZURE   General availability: Improvements in Azure Key Vault
Improvements in Azure Key Vault: FIPS 140-2 Level 3, PCI DSS and PCI 3DS certified for all customers.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini