Release Date: 09/06/2024 | Issue: 241
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

When it’s time to secure their cloud environments, AWS itself recommends Prowler Open Source. Prowler gives you the tools to oversee and secure your cloud environment openly. Why hide behind closed doors when you can empower your team with a security tool that’s open for all to see and improve?
Embrace a transparent approach to AWS security with Prowler Open Source at prowler.com/prowler-open-source

This week's articles


Securing Research Infrastructure for Advanced AI
A snapshot of the security architecture OpenAI designed to protect their research infrastructure and model training.   #defend   #strategy


How to Secure the SaaS Apps of the Future
Several innovative new features that every enterprise SaaS application needs to embrace to protect users in the era of post-authentication attacks.   #defend   #saas


A Guide To Kubernetes Logs That Isn't A Vendor Pitch
A guide to logging at each cluster layer with a focus on AuditPolicy.   #kubernetes   #monitor


Tactical Guide to Threat Hunting in Snowflake Environments
An emerging data theft and extortion campaign, run by a single threat actor, is targeting organizations that use Snowflake databases.   #attack   #saas


Pin GitHub Actions
Still, only 2% of GitHub repositories pin an Action to a full-length commit SHA.   #ci/cd   #defend
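
As an added example (not code from the article above), a small checker that reports which `uses:` references in a workflow are not pinned to a full 40-character commit SHA. Tags and branches are mutable references that a maintainer, or an attacker with push access to the action's repository, can move, so only the full SHA identifies exactly the code the runner will execute. The sample workflow and the 40-hex value in it are constructed for the example and do not refer to any real commit.

```python
"""Flag GitHub Actions `uses:` references that are not pinned to a full commit SHA.

Added example, not from the linked article. Tags (v4) and branches (main) are
mutable, so only a full-length commit SHA pins the exact code that will run.
"""
import re

# `uses: <target>`, with an optional leading list dash and a trailing `# comment`.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def is_full_sha(ref):
    """True only for a full 40-character hex commit SHA; short SHAs do not count."""
    return bool(FULL_SHA_RE.match(ref))


def audit_workflow(text):
    """Classify every `uses:` line in a workflow file.

    Returns a dict with three lists of (line_number, target, ref) tuples:
      pinned   - remote actions referenced by a full commit SHA
      unpinned - remote actions referenced by a tag, branch or short SHA
      skipped  - local (./...) and docker:// references, which have no git ref
                 to pin (docker images can be pinned by digest, not covered here)
    """
    result = {"pinned": [], "unpinned": [], "skipped": []}
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1).strip("'\"")  # YAML allows quoted values
        if target.startswith("./") or target.startswith("docker://"):
            result["skipped"].append((lineno, target, None))
            continue
        action, _, ref = target.partition("@")  # owner/repo[/path]@ref
        bucket = "pinned" if is_full_sha(ref) else "unpinned"
        result[bucket].append((lineno, action, ref))
    return result


# Constructed sample workflow (not from any real repository); the SHA is made up.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@1a2b3c4d5e6f7a8b9c0d1e2f3a4b5c6d7e8f9a0b  # v4 (made-up SHA)
      - uses: actions/cache@main
      - uses: actions/upload-artifact@1a2b3c4
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.20
      - run: npm test
"""


if __name__ == "__main__":
    res = audit_workflow(SAMPLE_WORKFLOW)
    for lineno, action, ref in res["unpinned"]:
        print(f"line {lineno}: {action}@{ref} is not pinned to a full commit SHA")
```

Run against `.github/workflows/*.yml` in a repository to get the list of references to pin; the usual convention is to keep the human-readable tag in a trailing comment next to the SHA so reviewers can still tell which version is in use.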


Working as unexpected
A "working as intended" branch protection bypass that allows for protected credential exfiltration.   #attack   #ci/cd


Things you wish you didn't need to know about S3
S3 is weirder than you think. Make sure you know all the quirks before they turn into vulnerabilities in your AWS infrastructure.   #attack   #aws   #explain


Google Online Security Blog: On Fire Drills and Phishing Tests
Blog analyzing the modern practice of Phishing Tests as a cybersecurity control as it relates to industry-standard fire protection practices.   #strategy


What happened to RASP?
Wasn't RASP supposed to save us? This post walks through the history and challenge of the RASP market, and looks at whether the new ADR acronym will bring any better luck.   #defend   #strategy

📙 The CloudSec Engineer - We have a release date!

The CloudSec Engineer is a practical guide on how to enter, establish yourself, and thrive in the Cloud Security industry as an individual contributor.

The book will be available for purchase on the 27th of June 2024.

You can head over to engineer.cloudsecbooks.com to find more information about the book, its contents, and where to buy it.

Tools


kubelet-csr-approver
Kubernetes controller to enable automatic kubelet CSR validation after a series of (configurable) security checks.


ratify
A verification engine, available as a standalone binary and as a Kubernetes admission component, that verifies artifact security metadata and admits for deployment only artifacts that comply with the policies you define.


boilerplate
A tool for generating files and folders ('boilerplate') from a set of templates.


sustainability-scanner
Validate AWS CloudFormation templates against AWS Well-Architected Sustainability Pillar best practices.

From the cloud providers


#AWS   Amazon CloudWatch Logs announces Live Tail streaming CLI support
You can now view your logs interactively, in real time as they are ingested, either from the AWS CLI or programmatically within your own custom dashboards inside or outside of AWS.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini