Release Date: 21/04/2024 | Issue: 234
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

In the cloud, attacks happen fast. In less than 10 minutes, an attacker can take over your environment
Securing endpoints isn’t enough - EDR solutions are not designed for the cloud.
Explore how to detect, correlate, and respond to cloud threats immediately with cloud-native visibility and active risk signals.

This week's articles


S3 Bucket Encryption Doesn't Work The Way You Think It Works
Let's try all the different S3 encryption options, see why it's more like access control than encryption, and why that matters.   #aws   #explain


An Adversary Adventure with Cloud Administration Command
Permiso started a series of blog posts that will walk through some of MITRE's ATT&CK Matrix, diving deep into cloud-based techniques. The first post of this series covers Cloud Administration Command.   #attack   #azure   #defend


LeakyCLI: AWS & Google Cloud Command Line Tools
Azure, AWS, and Gcloud CLI commands may expose sensitive info on GitHub Actions.   #attack   #ci/cd


Fixing Typos and Breaching Microsoft's Perimeter
Writeup on how it was possible to leverage an RCE on a machine joined to Microsoft's Active Directory domain with the privileges of a Microsoft Senior Developer.   #attack   #ci/cd


Amazon AppFlow vulnerabilities: Undocumented API allowed reading partial secrets, SSRF in WooCommerce connector
This vulnerability allowed anyone to steal secrets managed by AppFlow in any AWS account.   #attack   #aws


Abusing search permissions on Docker directories for privilege escalation
The setting of the searchable bit for other users on /var/lib/docker/ and child directories can allow for a low-privileged attacker to gain access to various containers' filesystems.   #attack   #containers


State of DevSecOps
Datadog analyzed data from thousands of applications and cloud environments to assess trends in application security posture and the adoption of DevSecOps best practices.   #strategy


Open Source Security (OpenSSF) and OpenJS Foundations Issue Alert for Social Engineering Takeovers of Open Source Projects
The recent attempted XZ Utils backdoor (CVE-2024-3094) may not be an isolated incident as evidenced by a similar credible takeover attempt intercepted by the OpenJS Foundation.   #defend   #supply-chain

Sponsor

See how you can use secure container images
Join Chainguard and GitGuardian for an engaging discussion of the intricacies of vulnerability management and CVE reduction. Gain valuable insights into GitGuardian's best practices for mitigating CVEs, and discover how Chainguard's innovative solutions augment GitGuardian's customer offerings.
Watch now!

Tools


osv-scalibr
SCALIBR (Software Composition Analysis Library) is an extensible file system scanner used to extract software inventory data (e.g. installed language packages) and detect vulnerabilities.


maester
Maester is a PowerShell-based test automation framework designed to help you monitor and maintain the security configuration of your Microsoft 365 environment.


Ludus
Ludus is a system for building easy-to-use cyber environments for testing and development.


checkpointctl
A tool for in-depth analysis of container checkpoints.


CloudConsoleCartographer
A tool to help security teams easily understand log events generated by AWS console activity. You can also refer to the companion blog post.

From the cloud providers


#AWS   AWS IAM Identity Center now offers a streamlined AWS access portal and shortcut links
Shortcut links take an authenticated user to a desired AWS Management Console destination, such as an S3 bucket details page, in a specific account, and with a specific permission set already assigned to the user.


#AWS   Amazon CloudFront now supports Origin Access Control (OAC) for Lambda function URL origins
You can now protect AWS Lambda URL origins by using CloudFront Origin Access Control (OAC) to only allow access from designated CloudFront distributions.


#AWS   AWS KMS announces more flexible automatic key rotation
You can now customize the rotation period, from 90 days to 7 years, and invoke key rotation on demand for customer managed KMS keys.


#AWS   Integrate Kubernetes policy-as-code solutions into Security Hub
A solution to send policy violations from PaC solutions using Kubernetes policy report format (for example, using Kyverno) or from Gatekeeper's constraints status directly to AWS Security Hub.


#AZURE   New Microsoft guidance for the DoD Zero Trust Strategy
Activity-level Zero Trust guidance for DoD Components and DIB partners implementing the DoD Zero Trust Strategy.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini