Release Date: 16/06/2024 | Issue: 242
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Cloud Tales ft. Jason Chan (fmr VP of Information Security at Netflix)
Cloud Tales is a monthly online event where we sit down with a cloud hero and discuss their journey on the quest to secure their cloud. No slides, no agenda, just some stories from practitioners and leaders. During this time you can:
  • Hear about challenges Jason faced in his journey to the cloud as he built Netflix's security team
  • Learn about his career growth from an Information Technology Systems Technician to VP of Information Security
  • Ask questions about challenges you're facing and get advice on how to approach them

This week's articles


Building to Prevent Subdomain Takeovers
Four controls platforms can use when building a custom-domain feature to make it resilient to subdomain takeover down the road.   #build   #defend


Attackers deploying new tactics in campaign targeting exposed Docker APIs
This post includes analysis of a new campaign by the threat actor behind the Spinning YARN campaign.   #attack   #containers


Mapping Snowflake's Access Landscape
Post that describes the high-level Snowflake Access Control Model, analyzes the incident reporting released by Mandiant, and provides instructions on graphing the access model of your Snowflake deployment.   #attack   #defend   #saas


A guide to threat hunting and monitoring in Snowflake
A detailed guide to threat hunting in your Snowflake environment, in light of an emerging threat currently targeting Snowflake customers.   #monitor   #saas

📙 The CloudSec Engineer - We have a release date!

The CloudSec Engineer is a practical guide on how to enter, establish yourself, and thrive in the Cloud Security industry as an individual contributor.

The book will be available for purchase on the 27th of June 2024.

You can head over to engineer.cloudsecbooks.com to find more information about the book, its contents, and where to buy it.

Tools


crawler
The Elastic Open Web Crawler lets you easily ingest web content into Elasticsearch. You can also refer to the companion blog post.


netfetch
Kubernetes tool for scanning clusters for network policies and identifying unprotected workloads.


SteppingStones
A Red Team Activity Hub. You can also refer to the companion blog post.


YetiHunter
A tool to query Snowflake environments for evidence of compromise. You can also refer to the companion blog post.

From the cloud providers


#AWS   Centrally manage member account root email addresses across your AWS Organization
It is now possible to use the SDK to update the root email address of a member account from the Organization's management account (or a delegated administrator).


#AWS   Simplify risk and compliance assessments with the new common control library in AWS Audit Manager
Audit Manager introduces a common control library that provides common controls with predefined and pre-mapped AWS data sources.


#AWS   How to securely transfer files with presigned URLs
Best practices for generating and distributing presigned URLs, security considerations, and recommendations for monitoring usage and access patterns.


#AWS   Simplify AWS CloudTrail log analysis with natural language query generation in CloudTrail Lake
Streamline compliance and security analysis using natural language query generation. Ask questions like "What errors occurred last month?" and get ready-to-run SQL queries tailored to your needs - no technical expertise required.


#AWS   Introducing Amazon GuardDuty Malware Protection for Amazon S3
Amazon GuardDuty expands malware scanning to secure S3 uploads, enabling continuous monitoring and isolation of malicious files without infrastructure overhead.


#AWS   IAM Access Analyzer Update: Extending custom policy checks & guided revocation
New custom policy checks for critical resources, public access detection, and guided revocation to remove unused permissions - proactively securing AWS environments with tailored analysis and actionable insights.


#AWS   AWS adds passkey multi-factor authentication (MFA) for root and IAM users
Amazon added passkeys to the list of supported multi-factor authentication (MFA) for your root and IAM users.


#GCP   How to safeguard your SSH environment with Identity-Aware Proxy and Security Command Center
Two Google Cloud security tools can help mitigate the risks posed by the XZ Utils vulnerability.


#GCP   Introducing GKE Compliance: Maintain clusters and workloads against industry standards
Google announced built-in, fully managed GKE Compliance within GKE posture management.


#GCP   How you can build a FedRAMP High-compliant network with Assured Workloads
Several best practices for securely deploying a network architecture that aligns with FedRAMP High.


#GCP   Move from always-on privileges to on-demand access with Privileged Access Manager
To help mitigate the risks associated with excessive privileges and misuses of elevated access, Google announced GCP's built-in Privileged Access Manager.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini