Release Date: 18/08/2024 | Issue: 251
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

The automation opportunity: Building a secure data ecosystem
For modern security teams, ensuring robust protection of your digital assets is more crucial than ever.
Join Tines on August 27th at 11am ET as they team up with Cribl and Elastic to explore how organizations can effortlessly manage, analyze, and protect their data – while streamlining security operations – through workflow automation.
Discover how integrating best-in-class tools can create a responsive security data ecosystem capable of detecting, analyzing, and mitigating threats in real time.
Save your spot today

This week's articles


Confusion Attacks: Exploiting Hidden Semantic Ambiguity in Apache HTTP Server
This article explores architectural issues within the Apache HTTP Server, highlighting several technical debts within Httpd, including 3 types of Confusion Attacks, 9 new vulnerabilities, 20 exploitation techniques, and over 30 case studies.   #attack


Understanding AWS Networking: A Guide for Network Engineers
This article provides an overview of AWS networking concepts for network engineers, covering VPCs, subnets, route tables, Internet Gateways, NAT Gateways, and security groups.   #aws   #explain


Addressed AWS defaults risks: OIDC, Terraform and Anonymous to AdministratorAccess
Preventing anonymous privilege escalation via misconfigured OIDC roles: defensive strategies and AWS's improvements.   #aws   #defend


Mitigating Attack Vectors in GitHub Workflows
This article provides an overview of the most common attack vectors on GitHub workflows and recommendations on how to secure them.   #ci/cd   #defend


ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts
New research uncovers a potential attack vector on GitHub repositories, with leaked tokens leading to potential compromise of services.   #attack   #ci/cd


Bucket Monopoly: Breaching AWS Accounts Through Shadow Resources
The impact of these vulnerabilities ranges between remote code execution (RCE), full-service user takeover (which might provide powerful administrative access), manipulation of AI modules, exposing sensitive data, data exfiltration and denial of service.   #attack   #aws


AWS IAM Privilege Escalation Leads to EC2 Ransomware Deployment
Post tracing a threat actor's steps through ransomware deployment, vertical (lateral) movement via AWS Systems Manager (SSM), and privilege escalation through IAM abuse.   #attack   #aws


Emerging phishing campaign targeting AWS accounts
The Wiz research team detected a phishing campaign targeting AWS accounts using fake sign-in pages.   #attack   #aws

Tools


GuardDog 2.0
YARA scanning, user-supplied rules, and Golang support. You can also refer to the companion blog post.


TrailShark
The TrailShark Capture Utility seamlessly integrates with Wireshark, facilitating the capture of AWS CloudTrail logs directly into Wireshark for near-real-time analysis. You can also refer to the companion blog post.


grimoire
Generate datasets of cloud audit logs for common attacks. You can also refer to the companion blog post.


TTPForge
The TTPForge is a Cybersecurity Framework for developing, automating, and executing attacker Tactics, Techniques, and Procedures (TTPs).


aws-lint-iam-policies
Runs IAM policy linting and security checks against either a single AWS account or a set of member accounts of an AWS Organization.

From the cloud providers


#AWS   How to centrally manage secrets with AWS Secrets Manager
Step-by-step solution to establish a Centralized Security Account that uses the AWS Secrets Manager service for securely storing your secrets in a central place.


#GCP   Create a powerful Kubernetes security duo with Custom Org Policy and Policy Controller
Custom Org Policy and Policy Controller can help secure your GKE clusters and achieve governance and compliance at scale.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini