Release Date: 10/03/2024 | Issue: 228
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

To combat active cloud risk, you need to see what’s happening right now
Cloud attacks are fast, and operating in the cloud securely requires a new mindset. Sysdig’s 5/5/5 Benchmark for Cloud Detection and Response is a new standard for incident response.
To meet this benchmark, security teams need to focus on the right now — deployed applications — not only pre-delivery scanning. Runtime Insights are key to identifying in-use vulnerabilities that pose an active risk.
→ Read more about why runtime insights are required in the cloud, and the 5/5/5 Benchmark

This week's articles


Exploring the GitHub Advisory Database for fun and (no) profit
Trying to find the 2-3 vulnerabilities that really matter when you are slammed with thousands is a tough challenge.   #defend


From Lighthouse to Loran - Navigating GCP Security Auditing Tools
Set sail on a secure journey through Google Cloud Platform with built-in and open-source auditing tools.   #gcp   #monitor


Monitoring Your Assets in the Face of Emerging Cloud-Squatting Attacks
Post explaining root causes and mitigating actions against Cloud-Squatting.   #attack


The AWS S3 Denial of Wallet amplification attack
If you publicly host large data files on AWS S3 and pay for AWS transfer costs, you may be vulnerable to a "Denial of Wallet" amplification attack.   #attack   #aws


Meet Silver SAML: Golden SAML in the Cloud
Semperis researchers have discovered Silver SAML: a new application of Golden SAML that can be exploited in Entra ID and without AD FS.   #attack   #azure


Key Metrics for Monitoring Etcd
Learn about the etcd metrics that can help you understand the health and performance of your clusters.   #kubernetes   #monitor


The mystery of the EnrichedOffice365AuditLogs solved
With Global Secure Access enabled, access to Microsoft 365 services such as SharePoint/OneDrive will be recorded in the EnrichedOffice365AuditLogs.   #azure   #monitor

Sponsor

CVE Management is Painful. It Doesn’t Need to be. Find Out Why.
Chainguard Lab's latest research delves into CVE management within container environments, revealing a startling truth: organizations are spending thousands of hours annually on tasks related to scanning, triaging, and remediating CVEs. The report highlights the challenges faced by companies, including the significant time and resources consumed by CVE management.
Download the full report

Tools


symphony
CI/CD for IaC on multiple orchestrators.


Cirrus
Cirrus is a command-line tool written in Python to facilitate environment access and evidence collection across Google Cloud.


TrailDiscover
An evolving repository of CloudTrail events with detailed descriptions, MITRE ATT&CK insights, real-world incidents, references and security implications. You can also refer to the companion blog post.


devpod
Codespaces but open-source, client-only and unopinionated: Works with any IDE and lets you use any cloud, kubernetes or just localhost docker.


cleanowners
A GitHub Action to suggest removal of non-organization members from CODEOWNERS files.

From the cloud providers


#AWS   Creating a User Activity Dashboard for Amazon CodeWhisperer
A streamlined process for tracking and analyzing Amazon CodeWhisperer usage events.


#AWS   AWS CloudHSM architectural considerations for crypto user credential rotation
This blog post provides architectural guidance on AWS CloudHSM crypto user credential rotation and is intended for those using or considering using CloudHSM.


#AWS   Introducing the AWS WAF traffic overview dashboard
Post introducing the new dashboards and delving into a few use cases to help you gain better visibility into the overall security of your applications using AWS WAF and make informed decisions based on insights from the dashboards.


#AWS   How to access AWS resources from Microsoft Entra ID tenants using AWS Security Token Service
How to configure an IAM OIDC identity provider to establish trust with a Microsoft Entra ID tenant.


#GCP   Tackling cybersecurity vulnerabilities through Secure by Design
Google's new report outlines principles and approaches for strengthening security through design.


#AZURE   Announcing the Public Preview of Change Actor
With Change Analysis, you can now see who initiated the change and with which client that change was made, for changes across all your tenants and subscriptions.


#AZURE   Defend against human-operated ransomware attacks with Microsoft Copilot for Security
A detailed, step-by-step look at how it can help surface, contain, and mitigate a human-operated ransomware attack.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco

© 2019-present CloudSecList · Marco Lancini