Release Date: 05/05/2024 | Issue: 236
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Introducing Cloud Console Cartographer (Open-Source Tool)
Cloud Console Cartographer helps security teams easily make sense of the noisy events generated in logs by activity conducted in AWS console. Something as simple as a click of a button or nav item in console can generate dozens of events in cloud logs. Cloud Console Cartographer cuts through the noise and distills those logs into a list of succinct events to quickly tell defenders what actions an identity actually conducted in console.
Check it out

This week's articles


Verizon's 2024 data breach report
A summary of the latest trends in real-world security incidents and breaches.   #defend


Dropbox's 8-K
Dropbox has filed an 8-K with the SEC, reporting a cybersecurity incident affecting Dropbox Sign.   #attack   #saas


ATT&CK v15 Brings the Action: Upgraded Detections, New Analytic Format, & Cross-Domain Adversary Insights
V15 is all about actionability and bringing defenders' reality into focus. MITRE prioritized what you need to detect, and how you can do it more effectively.   #defend   #monitor


How an empty S3 bucket can make your AWS bill explode
Imagine you create an empty, private AWS S3 bucket in a region of your preference. What will your AWS bill be the next morning?   #attack   #aws


Semgrep for Terraform Security
Use Semgrep to evangelize secure-by-default modules, create opinionated rules, and secure your CI/CD.   #build   #ci/cd   #iac


(The) Postman Carries Lots of Secrets
Postman, the popular API testing platform, hosts the largest collection of public APIs. Unfortunately, it's become one of the largest public sources of leaked secrets.   #attack   #saas


Lessons Learned When Building My DNS Resolver
It's simultaneously painful and fun.   #build


You Can't See Me: Achieving Stealthy Persistence in Azure Machine Learning
When an AML workspace is created, by default, the Storage Account is publicly accessible using the access key.   #attack   #azure


Arbitrary 1-click Azure tenant takeover via MS application
This blog explains how reply URLs in Azure Applications can be used as a vector for phishing. The impact can range from data leaks to complete tenant takeover, just by luring a victim into clicking on a link.   #attack   #azure


A Look at a Recently Patched Microsoft Graph Logging Bypass - GraphNinja
From June 2023 to March 2024, Microsoft Graph was vulnerable to a logging bypass that allowed attackers to perform password-spray attacks undetected. During this period, any organization in Azure could have been attacked and would have had no indication of the activity.   #attack   #azure

Sponsor CloudSecList in 2024

If you want to get your product in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, take a look at:
🔗 cloudseclist.com/sponsor

Tools


kube-no-trouble
Easily check your clusters for use of deprecated APIs.


terraform-aws-slackbot
Serverless Extensible Slackbot.


gcp-iam-brute
GCP IAM Brute is a tool that leverages the testIamPermissions feature in GCP to perform fuzz testing for different permissions within GCP.


cognito-scanner
A simple script which implements different Cognito attacks such as Account Oracle or Privilege Escalation.

From the cloud providers


#AWS   AWS Firewall Manager now supports central deployment and management of VPC NACLs with common NACL policies
You can now define policies for centrally creating, deploying and managing VPC NACL rules for VPC subnets across accounts in an AWS Organization.


#AZURE   Examining the Deception infrastructure in place behind code.microsoft.com
The story of one honeypot instance and how it enabled Microsoft to collect varied threat intelligence against a broad range of actor groups targeting Microsoft.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini