Release Date: 25/02/2024 | Issue: 226
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

This week's articles


A few notes on AWS Nitro Enclaves: Images and attestation
The AWS Nitro Enclaves platform lacks thorough documentation and mature tooling. So the Trail of Bits team decided to do some deep research into it to fill in some of the documentation gaps and, most importantly, to find security footguns and offer some advice for avoiding them.   #aws   #defend


Detecting Manual AWS Actions: An Update!
An updated version of how to detect manual AWS actions from employees.   #aws   #monitor


Detecting AWS Canaries without Detonating them
TruffleHog Now Detects AWS Canaries without setting them off.   #aws   #monitor


Attack Techniques in Okta - A (Really) Deep Dive into Okta Key Terms
An overview of Okta's fundamental components and a dive into each part of its environment.   #explain   #iam   #saas


10 Features to Enhance Your Okta Security Posture
Post breaking down 10 key security configurations and features to ensure robust authentication and identity management within your Okta instance to help prevent future attacks.   #defend   #iam   #saas


An AWS Ransomware Investigation
The post analyzes an AWS ransomware incident focusing on attacker tactics.   #aws   #defend


How to be IR prepared in Azure
This blog demystifies Azure's sometimes complicated logging methods, outlining which logs should be enabled and how to enable them.   #azure   #monitor


Pivoting from Microsoft Cloud to On-Premise Machines
This article demonstrates one situation discovered during a recent cloud penetration test that allowed the team to pivot from a Microsoft cloud environment to on-premise machines via PSRemoting.   #attack   #azure


Azure Devops Zero-Click CI/CD Vulnerability
The Legit Security research team has found and reported a zero-click attack that allowed attackers to submit malicious code and access secrets.   #attack   #azure


How I bypassed the control plane in Azure OpenAI
The Trust on Cloud team discovered a way to allow the management of Azure OpenAI deployments via the Data Plane, resulting in the loss of major security controls.   #attack   #azure


Tools


magika
Detect file content types with deep learning.


PyGithub
A Python library to access the GitHub REST API.


security-labs-pocs
Proof of concept code for Datadog Security Labs referenced exploits.


actions-usage
Find your total usage on GitHub Actions.


terracognita
Reads from existing public and private cloud providers (reverse Terraform) and generates your infrastructure as code on Terraform configuration.

From the cloud providers


#AWS   How to automate rule management for AWS Network Firewall
How to automate firewall rule management within the central firewall using distributed firewall configurations spread across multiple AWS accounts.


#AWS   Detect Stripe keys in S3 buckets with Amazon Macie
How to use the new managed data identifier in Amazon Macie to discover and protect copies of your Stripe API keys.


#AWS   Best practices for managing Terraform State files in AWS CI/CD Pipeline
How to manage Terraform state files in AWS, best practices for configuring them, and an example of how you can manage them efficiently in your Continuous Integration pipeline in AWS when used with CodeCommit and CodeBuild.


#GCP   Wrangle your alerts with open source Falco and the gcpaudit plugin
You can use open-source runtime security platform Falco with Google Kubernetes Engine to monitor cluster and container workload security.


#AZURE   VNet flow logs (Preview)
Azure Network Watcher VNet flow logs are now in Preview.


#AZURE   Navigating NIS2 requirements with Microsoft Security solutions
With NIS2, the EU expands the original baseline of cybersecurity risk management measures and reporting obligations to include more sectors and critical organizations.

Business News

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini