Release Date: 07/04/2024 | Issue: 232
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Concerned about an S3 breach?
In Datadog's State of AWS Security Report, they shared that 36% of companies that use S3 have at least one publicly exposed bucket.
SlashID Gate can perform runtime detection of leaked credentials and PII, context-aware authentication, and OPA-based authorization policies for S3. Gate enables our clients to discover and prevent breaches in real-time instead of days later with the traditional static scanning tools.
Interested in trying Gate for S3?
Learn more https://www.slashid.dev/use-cases/s3-access/

This week's articles


SaaS Attack: How to SAMLjack a poisoned tenant
Poisoned tenants involve an adversary registering a tenant for a SaaS app they control and tricking target users into joining it, often using built-in invite functionality. The end goal is to have some target users actively using a tenant you (as the adversary) control.   #attack   #saas


Reduce, reuse, recycle: McDonald's reusable workflows
How McDonald's uses a combination of reusable workflows and custom reusable actions provided by GitHub.   #build   #ci/cd


What Happens on GitLab When You do git push?
Ever wondered how Git and GitLab operate under the hood?   #ci/cd   #explain


When AWS invariants aren't [invariant]
Search CloudTrail for instances of AssumeRole with additionalEventData.explicitTrustGrant == false. These will surface role assumptions that aren't permitted by the trust policy and that violate invariants such as "role session names will always be an employee's email address".   #aws   #iam


Leveraging AWS SSO (aka Identity Center) with Google Workspaces
How to configure AWS Identity Center to use Google Workspace/Cloud Identity with SCIM Support.   #aws   #gsuite   #iam


Securing Kubernetes: A Comprehensive Guide to Runtime Security and System Hardening
This blog post provides a guide to securing Kubernetes, covering runtime security and system hardening.   #defend   #kubernetes

Sponsor

Introducing CloudGrappler: An open-source Threat Detection Tool
Scan your cloud infrastructure environments for activity matching the tactics, techniques and procedures (TTPs) of known threat actors like LUCR-3 (Scattered Spider). CloudGrappler comes prepackaged with a set of intel-based detections and is purpose-built for querying high-fidelity, single-event detections for well-known threat actors in cloud environments such as AWS and Azure. CloudGrappler is available on GitHub.
You can learn more about it here

Tools


cloudfox
Automating situational awareness for cloud penetration tests.


difftastic
A structural diff that understands syntax.


tsunami-security-scanner
Tsunami is a general-purpose network security scanner with an extensible plugin system for detecting high-severity vulnerabilities with high confidence.


CanaryHunter
Canary Hunter aims to be a quick PowerShell script to check for common canary tokens, in the various formats generated for free on canarytokens.org.

From the cloud providers


#AWS   How to generate security findings to help your security team with incident response simulations
How to deploy a solution that provisions resources to generate simulated security findings for actual provisioned resources within your AWS account.


#AWS   Terraform CI/CD and testing on AWS with the new Terraform Test Framework
How to validate Terraform modules and how to automate the process using a CI/CD pipeline.


#AWS   Private Access to the AWS Management Console is now available in all commercial AWS Regions
AWS Management Console Private Access is an advanced security feature that allows you to define a set of trusted AWS accounts and organizations that can access the AWS Management Console from within their network.


#AWS   Amazon GuardDuty EC2 Runtime Monitoring is now generally available
Amazon announced the general availability of Amazon GuardDuty EC2 Runtime Monitoring to expand threat detection coverage for EC2 instances at runtime and complement the anomaly detection that GuardDuty already provides by continuously monitoring VPC Flow Logs, DNS query logs, and AWS CloudTrail management events.


#GCP   15 must-attend security sessions at Next '24
Google Cloud Next will feature a robust security track this year. Here are 15 security-focused sessions you don't want to miss.


#GCP   Google Cloud Backup and DR upgrade: VM protection made easier
With support for tags in the Backup and DR service, backups can be managed by tag, which helps automate the protection of Compute Engine VMs.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini