Release Date: 02/06/2024 | Issue: 240
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
📙 The CloudSec Engineer - We have a release date!
The CloudSec Engineer is a practical guide on how to enter, establish yourself, and thrive in the Cloud Security industry as an individual contributor.

The book will be available for purchase on the 27th of June 2024.

For the occasion, I've also updated the website at engineer.cloudsecbooks.com to include a new landing page, where you can find more information about the book and its contents.
Go check it out and let me know what you think!
Sponsor

When it’s time to secure their cloud environments, AWS itself recommends Prowler Open Source. Prowler gives you the tools to oversee and secure your cloud environment openly. Why hide behind closed doors when you can empower your team with a security tool that’s open for all to see and improve?
Embrace a transparent approach to AWS security with Prowler Open Source at prowler.com/prowler-open-source

This week's articles


Non-Production Endpoints as an Attack Surface in AWS
Two new archetypes for bypassing AWS CloudTrail: calling certain non-production endpoints with API actions that return account-level information, and API calls that generate multiple events in CloudTrail.   #attack   #aws


Credentials Leaking with Subdomain Takeover
Post disclosing new techniques to steal sensitive data stored in localStorage (such as API keys and passwords) via subdomain takeover.   #attack   #saas


Introducing Artifact Attestations
GitHub's Artifact Attestations lets project maintainers create a tamper-proof, unforgeable paper trail linking their software to the build process that produced it.   #ci/cd   #supply-chain


Publicly Exposed AWS Document DB Snapshots
Post detailing the research around publicly shared DocumentDB cluster snapshots, with a deep dive on a public exposure impacting millions of customers of a publicly traded company.   #attack   #aws
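A practical follow-up to the post above is to check whether any of your own DocumentDB cluster snapshots are shared publicly. The script below is an added example written for this issue, not code from the linked research: a manual cluster snapshot is public when its "restore" attribute contains the value "all", and the classification logic is separated from the boto3 calls so it can be exercised offline on the constructed sample data (the snapshot identifiers and account ID in the sample are made up).

```python
"""Added example: flag publicly shared Amazon DocumentDB cluster snapshots.

A DocumentDB cluster snapshot is public when its "restore" attribute contains
the value "all" (identical to the RDS snapshot sharing model). The parsing
helpers below take the DBClusterSnapshotAttributes list returned by
describe_db_cluster_snapshot_attributes, so they run offline; only
fetch_manual_snapshot_attributes() talks to AWS.
"""
from __future__ import annotations

from typing import Iterable

# Constructed sample data, not real account data: maps a snapshot identifier
# to its DBClusterSnapshotAttributes list as returned by the API.
SAMPLE_SNAPSHOT_ATTRIBUTES: dict[str, list[dict]] = {
    "orders-db-2024-05-30": [
        {"AttributeName": "restore", "AttributeValues": ["all"]},          # public
    ],
    "orders-db-2024-05-29": [
        {"AttributeName": "restore", "AttributeValues": ["123456789012"]}, # shared with one account
    ],
    "orders-db-2024-05-28": [
        {"AttributeName": "restore", "AttributeValues": []},               # private
    ],
}


def snapshot_is_public(attributes: Iterable[dict]) -> bool:
    """Return True if the snapshot's 'restore' attribute is shared with 'all'."""
    for attr in attributes:
        if attr.get("AttributeName") == "restore":
            return "all" in attr.get("AttributeValues", [])
    return False


def snapshot_is_shared(attributes: Iterable[dict]) -> bool:
    """Return True if the snapshot is restorable by at least one other principal."""
    return any(
        attr.get("AttributeName") == "restore" and attr.get("AttributeValues")
        for attr in attributes
    )


def classify_snapshots(snapshot_attrs: dict[str, list[dict]]) -> dict[str, list[str]]:
    """Split snapshot identifiers into public / shared / private buckets."""
    result: dict[str, list[str]] = {"public": [], "shared": [], "private": []}
    for ident, attrs in snapshot_attrs.items():
        if snapshot_is_public(attrs):
            result["public"].append(ident)
        elif snapshot_is_shared(attrs):
            result["shared"].append(ident)
        else:
            result["private"].append(ident)
    return result


def fetch_manual_snapshot_attributes(region: str = "us-east-1") -> dict[str, list[dict]]:
    """Live collection: needs credentials allowed to call docdb:DescribeDBClusterSnapshots
    and docdb:DescribeDBClusterSnapshotAttributes in the given region."""
    import boto3  # imported here so the offline helpers above do not require it

    docdb = boto3.client("docdb", region_name=region)
    out: dict[str, list[dict]] = {}
    kwargs = {"SnapshotType": "manual"}  # only manual snapshots can be shared
    while True:
        page = docdb.describe_db_cluster_snapshots(**kwargs)
        for snap in page["DBClusterSnapshots"]:
            ident = snap["DBClusterSnapshotIdentifier"]
            resp = docdb.describe_db_cluster_snapshot_attributes(
                DBClusterSnapshotIdentifier=ident
            )
            out[ident] = resp["DBClusterSnapshotAttributesResult"]["DBClusterSnapshotAttributes"]
        marker = page.get("Marker")
        if not marker:
            return out
        kwargs["Marker"] = marker


if __name__ == "__main__":
    # Offline demo on the constructed sample; replace the argument with
    # fetch_manual_snapshot_attributes() to audit a real account.
    for bucket, idents in classify_snapshots(SAMPLE_SNAPSHOT_ATTRIBUTES).items():
        print(f"{bucket}: {idents}")
```

Anything that lands in the "public" bucket is restorable by every AWS account; remove "all" from the restore attribute with modify_db_cluster_snapshot_attribute, then treat the data as already exposed.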


Phishing with Cloudflare Workers: Transparent Phishing and HTML Smuggling
Netskope Threat Labs is tracking multiple phishing campaigns that abuse Cloudflare Workers. One campaign uses HTML smuggling, a detection evasion technique often used for downloading malware, to hide the phishing content from network inspection.   #attack   #cloudflare


Hidden Costs of CNAPP Solutions
Do you believe the annual cost of $100,000 for a CNAPP means you will only spend $100,000?   #strategy


Phishing 2.0 - how phishing toolkits are evolving with AitM
Attackers are using Adversary in the Middle (AitM) phishing toolkits to bypass MFA. This post looks at what AitM is, how it works, and what you can do about it.   #attack   #saas


awesome-cicd-attacks
Practical resources for offensive CI/CD security research.   #attack   #ci/cd

Tools


kubectl-neat
Clean up Kubernetes yaml and json output to make it readable.


Stormspotter
Azure Red Team tool for graphing Azure and Azure Active Directory objects.


secretgen-controller
secretgen-controller provides CRDs to specify which secrets need to exist on a Kubernetes cluster.

From the cloud providers


#AWS   Accelerate incident response with Amazon Security Lake
The first of a two-part series that will demonstrate the value of Amazon Security Lake and how you can use it and other resources to accelerate your incident response (IR) capabilities.


#AWS   Establishing a data perimeter on AWS: Analyze your account activity to evaluate impact and refine controls
How you can analyze access activity in your organization by using CloudTrail logs to evaluate the impact of your data perimeter controls and perform troubleshooting.


#AWS   How Parametric Built Audit Surveillance using AWS Data Lake Architecture
How Parametric implemented their Audit Surveillance Data Lake on AWS with purpose-built fully managed analytics services. With this solution, Parametric was able to respond to various audit requests within hours rather than days or weeks.


#GCP   What's new for the Google Cloud global front end for web delivery and protection
A deeper look at how the global front end solution improves the performance, protection, and scalability of your internet-facing web services.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini