Release Date: 23/06/2024 | Issue: 243
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Take the day off!
Cloud security is HARD. And it's not getting any easier. Consider this note your virtual high-five and thanks! And you know what, take the rest of the day off - you've earned it! (don't yell at us, CISOs)
But really, here's what you should do: level up your AWS knowledge with some great AWS skillsbuilder courses. Panoptica has free licenses for you (a $449 annual value).
Get your free AWS skillsbuilder license

This week's articles


The Path to Zero Touch Production
Slides from a talk that shares a theory of how to incrementally and collaboratively move a cloud-native organization to Zero Touch Prod.   #build   #strategy


Bypassing Okta's Passwordless MFA: Technical Analysis And Detection
An article which explores a newly identified technique to bypass Okta's passwordless MFA solution, providing a detailed technical analysis of the method and a demonstration, as well as strategies for mitigation and detection.   #attack   #defend   #saas


Tales from the cloud trenches: Raiding for AWS vaults, buckets and secrets
Post exploring a campaign targeting AWS Secrets Manager, AWS S3 and AWS S3 Glacier.   #attack   #aws


Stop worrying about 'allowPrivilegeEscalation'
Kubernetes' 'allowPrivilegeEscalation' is a useful but poorly understood security hardening setting. This post dives into how it works and debunks some common myths about it.   #attack   #explain   #kubernetes


The Unauditable, Unmanageable HMAC Keys in Google Cloud
This blog outlines three vulnerabilities surfaced from how Google Cloud handles user-associated HMAC keys.   #attack   #gcp


How We Hacked Multi-Billion Dollar Companies in 30 Minutes Using a Fake VSCode Extension
30 minutes. 30 minutes is how long it took to develop, publish, and polish a Visual Studio Code extension that changes your IDE's colors while leaking all your source code to a remote server.   #attack   #saas


A Brief History of Signature-Based Threat Detection in Cloud Security
What might the history of signature-based threat detection tell us about the future of signature-based approaches and the evolution toward behavioral detection and response in the cloud?   #monitor


Taking a look at Kubernetes Profiling
Debugging facilities can always be interesting for attackers, and in general for security, so Rory McCune decided to take a look at Kubernetes support for Profiling, and where it could be a risk to cluster security.   #attack   #kubernetes

Sponsor

Tines for Vulnerability Management
From juggling disconnected systems, various input sources, and manual prioritization and assignment to ensure vulnerabilities aren’t overlooked, security teams are stretched thin.
Join us on June 25th at 2pm ET to learn how Greenlight identifies and triages vulnerabilities using automated workflows in Tines. From manually evaluating and prioritizing across vulnerability sources to creating a fully hands-off process, discover how Tines helps Greenlight prioritize, respond to, and remediate vulnerabilities – without losing any context.
Save your spot today

Tools


RedFlag
RedFlag uses AI to identify high-risk code changes. Run it in batch mode for release candidate testing or in CI pipelines to flag PRs and add reviewers. You can also refer to the companion blog post.


kpexec
kpexec is a Kubernetes CLI tool that runs commands in a container with high privileges.


terraform-google-prober
A terraform module and Go library for deploying probers to Google Cloud Run.


cicd-lambda-container
A reference implementation for building a Lambda container image and deploying it to an AWS account.


gcpwn
Enumeration/exploit/analysis/download/etc pentesting framework for GCP.

From the cloud providers


#AWS   How to create a pipeline for hardening Amazon EKS nodes and automate updates
How to enhance the security of managed node groups using a CIS Amazon Linux benchmark for Amazon Linux 2 and Amazon Linux 2023.


#AWS   SaaS tenant isolation with ABAC using AWS STS support for tags in JWT
An alternative approach to implement tenant isolation with ABAC by using the AWS STS AssumeRoleWithWebIdentity API operation and the https://aws.amazon.com/tags claim in a JSON Web Token (JWT).
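To make the mechanism behind that item concrete, here is an added illustration (not code from the AWS post or from CloudSecList). It builds a constructed, unsigned JWT payload carrying the https://aws.amazon.com/tags claim, turns the claim into session tags the way AssumeRoleWithWebIdentity does, and then checks a tenant-scoped S3 policy that binds the allowed prefix to ${aws:PrincipalTag/TenantID}. The issuer, audience, bucket name and tenant IDs are invented, and the policy evaluator is a deliberately simplified local simulation (Allow statements only, no Deny or Condition handling), not the real IAM engine; its job is to show why a missing or mismatched tenant tag must fail closed.

```python
import re

# Constructed sample JWT payload (claims only; header and signature are omitted
# because nothing here talks to STS). The claim name https://aws.amazon.com/tags
# is the one STS reads; issuer, subject, audience and tenant value are invented.
SAMPLE_JWT_PAYLOAD = {
    "iss": "https://idp.example.com",  # hypothetical identity provider
    "sub": "user-42",
    "aud": "saas-app",
    "https://aws.amazon.com/tags": {
        "principal_tags": {"TenantID": ["tenant-a"]},
        "transitive_tag_keys": ["TenantID"],
    },
}

# Constructed tenant-scoped identity policy: the allowed S3 prefix is bound to
# the caller's TenantID session tag instead of being hard-coded per tenant.
TENANT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["s3:GetObject", "s3:PutObject"],
        "Resource": "arn:aws:s3:::example-tenant-data/${aws:PrincipalTag/TenantID}/*",
    }],
}


def session_tags_from_jwt(payload: dict) -> dict:
    """Mimic the part of AssumeRoleWithWebIdentity that turns the tags claim
    into session tags. Each principal tag carries a one-element list in the
    claim; a session tag can hold only one value, so anything else is rejected."""
    claim = payload.get("https://aws.amazon.com/tags", {})
    tags = {}
    for key, values in claim.get("principal_tags", {}).items():
        if not isinstance(values, list) or len(values) != 1:
            raise ValueError(f"tag {key!r} must have exactly one value")
        tags[key] = values[0]
    return tags


def resolve_policy_variables(resource: str, tags: dict) -> str:
    """Substitute ${aws:PrincipalTag/Key} with the session tag value.
    A referenced tag that is absent raises, so the statement cannot match."""
    def sub(match: re.Match) -> str:
        key = match.group(1)
        if key not in tags:
            raise KeyError(f"policy references missing principal tag {key!r}")
        return tags[key]
    return re.sub(r"\$\{aws:PrincipalTag/([^}]+)\}", sub, resource)


def iam_glob_match(pattern: str, value: str) -> bool:
    """IAM-style wildcard match: '*' is any run of characters, '?' one character."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value) is not None


def is_allowed(policy: dict, tags: dict, action: str, resource_arn: str) -> bool:
    """Simplified evaluator: default deny; only Allow statements are considered
    and Deny/Condition are not modelled. This is a local simulation, not IAM."""
    for stmt in policy["Statement"]:
        if stmt["Effect"] != "Allow":
            continue
        actions = stmt["Action"] if isinstance(stmt["Action"], list) else [stmt["Action"]]
        if not any(iam_glob_match(a, action) for a in actions):
            continue
        resources = stmt["Resource"] if isinstance(stmt["Resource"], list) else [stmt["Resource"]]
        for resource in resources:
            try:
                resolved = resolve_policy_variables(resource, tags)
            except KeyError:
                continue  # unresolved variable: statement does not match (fail closed)
            if iam_glob_match(resolved, resource_arn):
                return True
    return False


def check_access(payload: dict, action: str, resource_arn: str) -> bool:
    """End-to-end: JWT claim -> session tags -> tenant-scoped policy decision."""
    return is_allowed(TENANT_POLICY, session_tags_from_jwt(payload), action, resource_arn)


if __name__ == "__main__":
    own = "arn:aws:s3:::example-tenant-data/tenant-a/report.csv"
    other = "arn:aws:s3:::example-tenant-data/tenant-b/report.csv"
    print("own tenant:  ", check_access(SAMPLE_JWT_PAYLOAD, "s3:GetObject", own))
    print("other tenant:", check_access(SAMPLE_JWT_PAYLOAD, "s3:GetObject", other))
    print("no tags claim:", check_access({"sub": "user-42"}, "s3:GetObject", own))
```

The point worth internalising from the third case is that a token without the tags claim yields no TenantID session tag, so the policy variable never resolves and the request is denied rather than falling through to a shared prefix; in a real deployment the role's trust policy should additionally require the claim (and the audience) so that such tokens cannot assume the role at all.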


#AZURE   Cloud security posture and contextualization across cloud boundaries from a single dashboard
How to prioritize riskiest misconfigurations across your multicloud environment, all inside of a single dashboard by using Defender CSPM.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini