Release Date: 24/03/2024 | Issue: 230
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

For security professionals aiming to propel development forward while safeguarding against today’s evolving threats and vulnerabilities, there’s only one solution: shift left. Immerse yourself in a hands-on, expert-led session dedicated to the proactive approach of shifting security left and fortifying applications through thoughtful design.
If you’re ready to streamline development with built-in security, join us for our Shift Left Bootcamp. Reserve your spot today.

Prisma Cloud Security Bootcamp: Shift Left
Wednesday, March 27
11 AM PST
[Register]

This week's articles


A Look at Software Composition Analysis
Doyensec examined the state of Software Composition Analysis by comparing three popular tools side-by-side, to see how they stacked up.   #ci/cd   #defend


Identity Providers for RedTeamers
Post looking at effective techniques for operating against Identity Providers during a RedTeam post-exploitation phase.   #attack   #iam


Tales from the cloud trenches: Using malicious AWS activity to spot phishing campaign
How the tracking of AWS Simple Notification Service (SNS) enumeration activity across multiple customer environments led to the takedown of a phishing site that was impersonating the French government.   #attack   #aws


Poisoned Pipeline Execution Attacks: A Look at CI-CD Environments
Bishop Fox examines types of poisoned pipeline execution (PPE) attacks, methods to exploit these vulnerabilities, and recommended preventive measures.   #attack   #ci/cd


Wishing: Webhook Phishing in Teams
Post exploring a variety of ways to abuse Teams for post-exploitation, mainly to send phishing messages.   #attack   #saas


Azure Deployment Scripts: Assuming User-Assigned Managed Identities
Attackers may get access to a role that allows assigning a Managed Identity to a resource. Depending on the permissions of the Managed Identity, this can be used for privilege escalation.   #attack   #azure


OPA 1.0 is coming. Here's what you need to know
OPA 1.0, planned for release this year, will include some backwards incompatible changes.   #build   #opa


cert-manager completes CNCF-sponsored security audit!
A total of 8 issues were raised as part of the audit, of which 5 were low severity, 2 were moderate severity and 1 was informational. All issues have been resolved as of cert-manager v1.12.8, v1.13.4 and v1.14.3.   #defend


How to stay safe from repo-jacking
Repo-jacking is a specific type of supply chain attack. This blog post explains what it is, what the risk is, and what you can do to stay safe.   #ci/cd   #defend

Sponsor

How did a top tier global financial services institution solve their Kubernetes authentication, RBAC, and multi-tenancy challenges?
  • Satisfy security and compliance requirements
  • Provide a great experience for developers
  • Secure support for dashboards and UIs
  • Decrease load on cluster support staff
  • 100% Open Source
Find out how in our case study (no registration required)

Tools


weAudit
A collaborative code review tool for VSCode. You can also check the companion blog post.


threatcl
Documenting your Threat Models with HCL.


kubectl-detector-for-docker-socket
A Kubectl plugin that can detect if any of your workloads or manifest files are mounting the docker.sock volume.


AITMWorker
Proof of concept: using a Cloudflare worker for AITM attacks.


SARIF Explorer
A VSCode extension that enables you to review static analysis results effectively and enjoyably. You can also refer to the companion blog post.

CloudSecDocs


Security Programs
A revamped page that collects writeups about DevOps, AppSec, ProdSec, Vulnerability Management, Risk / Compliance.

From the cloud providers


#AWS   Amazon DynamoDB now supports resource-based policies
With resource-based policies, you can specify the IAM principals that have access to a resource and what actions they can perform on it.


#GCP   How to set compliance controls for your Google Cloud Organization
Assured Workloads can help you ensure comprehensive data protection and regulatory compliance with folders that support your compliance requirements.


#GCP   Introducing stronger default Org Policies for our customers
Google Cloud is releasing an updated and stronger set of security defaults that can be implemented with Organizational Policies.


#AZURE   Microsoft Copilot for Security: General Availability details
Microsoft announced the general availability of Microsoft Copilot for Security (Copilot) on April 1st.

Business News

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini