Release Date: 04/08/2024 | Issue: 249
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

When cloud attacks happen at lightning speed, security teams have only minutes to react. Evolving threats challenge even seasoned professionals but the power of AI is transforming the way we work.
Discover with Sysdig founder and CTO Loris Degioanni how AI-driven technology is changing the industry and helping security teams better understand threats, and stop attacks in motion.
→ Register for the webinar

This week's articles


Unfashionably secure: why we use isolated VMs
The Canary team shares a number of security choices they made that helped them achieve complete customer isolation.   #build   #strategy


Compromising ByteDance's Rspack using GitHub Actions Vulnerabilities
Praetorian identified two GitHub Actions that ran on issue comment events and would check out and run code from an attacker-controlled branch if a specific keyword was included in a pull request comment.   #attack   #ci/cd


Revealing the Inner Structure of AWS Session Tokens
A post sharing code and tools to programmatically analyze and modify AWS Session Tokens.   #aws   #explain   #iam


A deep dive into Entra ID Identity Protection for Incident Response
Identity Protection, and the associated Risky reports, are a quick and easy starting point to check if Microsoft has flagged any risky sign-ins, workloads, or users.   #azure   #monitor


Enabling Security for Hadoop Data Lake on Google Cloud Storage
How Uber migrated their on-prem Hadoop-based data lake along with analytical and machine learning workloads to GCP.   #build   #defend   #strategy


Configure GitHub Artifact Attestations for secure cloud-native delivery
Introducing the generally available capability of GitHub Artifact Attestations to secure your cloud-native supply chain packages and images.   #announcement   #ci/cd


Our audit of Homebrew
Trail of Bits performed an audit of Homebrew, alongside its CI/CD pipelines.   #attack   #ci/cd


Poisoning the SSM Command Document Well
A post disclosing risks in using SSM Command Docs for software distribution.   #attack   #aws


Escalating Privileges in Google Cloud via Open Groups
How an attacker can escalate their privileges in Google Cloud by leveraging weak group join settings for groups that have been granted roles in GCP.   #attack   #gcp

📙 The CloudSec Engineer is out now!

The CloudSec Engineer is a practical guide on how to enter, establish yourself, and thrive in the Cloud Security industry as an individual contributor.

You can head over to engineer.cloudsecbooks.com to find more information about the book, its contents, and where to buy it.

Tools


spegel
Stateless cluster local OCI registry mirror.


content-repository-with-dynamic-access-control
How to build an end-to-end content repository using AWS services with a simple and dynamic access control based logic over unstructured data.

From the cloud providers


#AWS   Automate monitoring for your Amazon EKS cluster using CloudWatch Container Insights
How to implement Amazon EKS monitoring and alerting using a custom solution that automates EKS observability capabilities for dynamic performance metrics.


#AWS   How to build a CA hierarchy across multiple AWS accounts and Regions for global organization
How to build a CA hierarchy solution across AWS accounts and Regions, using AWS Private CA.


#AWS   Accelerate incident response with Amazon Security Lake - Part 2
The second of a two-part series where we show you how to respond to a specific incident by using Amazon Security Lake as the primary data source to accelerate incident response workflow.


#GCP   Best practices for streamlining log centralization with Cloud Logging
Follow these best practices when using Cloud Logging to centralize and manage logs from diverse sources.


#GCP   Announcing IAM group authentication in Cloud SQL
The benefits of IAM group authentication, its use cases, and how to start using IAM group authentication with Cloud SQL for PostgreSQL and Cloud SQL for MySQL.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini