Release Date: 19/05/2024 | Issue: 238
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Secure your email from every angle
There’s more than one way-in to exploit email as an attack vector, and even more to target once-in. Only Material takes a holistic approach to email security that covers the full threat landscape – stopping new flavors of phishing and pretexting attacks in their tracks, while protecting accounts and data from exploit or exposure.
Get complete email security with Material

This week's articles


Endpoint vulnerability management at scale
How Canva does endpoint vulnerability management across a fleet of over 5000 devices deployed in numerous countries worldwide.   #defend   #strategy


Building a GitOps CI/CD Pipeline with GitHub Actions (SOC 2)
How to build a GitOps-based CI/CD pipeline on GitHub Actions, designed for SOC 2 compliance.   #build   #ci/cd


A step-by-step guide to securely upgrading your EKS clusters
This guide walks through the steps you'll need to take to upgrade your EKS clusters. It includes guidance on when and how to complete these upgrades as well as tools that can make it easier for you to upgrade safely and securely.   #build   #explain   #kubernetes


Monitoring your EKS clusters audit logs
A plugin has replaced the way Falco consumes the audit logs generated by a K8s API server. With these plugins, Falco covers aspects of your infrastructure in more depth and lets you use a single syntax for rules.   #aws   #falco   #kubernetes


Container security fundamentals part 6: seccomp
A look at how seccomp is used in Linux and container systems.   #containers   #explain

Sponsor

Advanced threat actors readily leverage native cloud capabilities and automation to accelerate their attacks. Modern security teams need to embrace the realities of the cloud with cloud native approaches, and it starts with the 5/5/5 Benchmark.
On May 22nd, join Tines and Sysdig to learn how the 5/5/5 benchmark can secure business outcomes and operations, how to gain better visibility and context in the cloud, and how Tines and Sysdig can simplify DevSecOps, operations, and security workflows.
Challenge cloud attackers with faster CDR - Save your spot today

Tools


octo-sts
A GitHub App that acts like a Security Token Service (STS) for the GitHub API.


assured-workloads-terraform
A Terraform module that simplifies the deployment of Assured Workloads.


aws-imds-packet-analyzer
A tool that traces TCP interactions with the EC2 Instance Metadata Service (IMDS).


coldsnap
A command line interface for Amazon EBS snapshots.


HoneyTrail
Independently deploy customized honeyservices in AWS to trigger alerts on unauthorized access. You can also refer to the companion blog post.


dependabot-core
Dependabot's core logic for creating update PRs.

From the cloud providers


#AWS   Amazon EventBridge now supports Customer Managed Keys (CMK) for Event Buses
This capability allows you to encrypt your events using your own keys instead of an AWS owned key.


#AWS   Investigating lateral movements with Amazon Detective investigation and Security Lake integration
How you can use the Amazon Detective Investigation feature to investigate IAM user and role activity and use the Security Lake integration to determine the specific EC2 instances a threat actor appeared to be targeting.


#AWS   How to use AWS managed applications with IAM Identity Center: Enable Amazon Q without migrating existing IAM federation flows
How you can enable Identity Center and use AWS managed applications, such as Amazon Q, without migrating existing IAM federation flows to Identity Center.


#AWS   Governing and securing AWS PrivateLink service access at scale in multi-account environments
A way to create preventative controls through the use of service control policies (SCPs) and detective controls through event-driven automation.


#GCP   Automatically disabling leaked service account keys: What you need to know
Starting June 16, exposed service account keys that have been detected in services including public repos will be automatically disabled by default for new and existing customers.


#AZURE   Public preview: Sensitive data protection for Azure Front Door Web Application Firewall
Protect the sensitive data getting stored in your Web Application Firewall (WAF) using log scrubbing on Azure's global Web Application Firewall running on Azure Front Door.


#AZURE   Microsoft will require MFA for all Azure users
This July, Azure teams will begin rolling out additional tenant-level security measures to require multi-factor authentication (MFA).

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini