Release Date: 08/09/2024 | Issue: 254
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Want to learn how attackers are stealing your cookies to bypass MFA? Join Luke Jennings and Push Security on September 12th for a technical deep dive into hacker tools and techniques. Topics include:
  • How attackers use infostealers to steal sessions and compromise MFA-protected services like M365.
  • How attackers use residential VPNs to bypass conditional access policies.
  • How downstream SaaS app sessions can be stolen to avoid the need to access highly protected IDPs like Microsoft and Okta.
You can register for free and watch from home. See you there!

This week's articles


What's the worst place to leave your secrets?
Research into what happens to AWS credentials that are left in public places.   #attack   #ci/cd


3.7 Million Fake GitHub Stars: A Growing Threat Linked to Scams and Malware
Socket researchers have uncovered 3.7 million fake GitHub stars, highlighting a growing threat linked to scams, fraud, and malware, with these campaigns rapidly increasing over the last six months.   #attack   #ci/cd


Strategies Used by Adversaries to Steal Application Access Tokens
How adversaries can adopt the "Steal Application Access Token" technique of the MITRE ATT&CK framework to manipulate application account API tokens in cloud and containerized environments.   #attack   #containers


Typosquatting in GitHub Actions
Post explaining how typosquatting in GitHub Actions can compromise your workflows and teaching key strategies to protect from this risk.   #attack   #ci/cd   #defend


CSRF: A complete guide to exploiting advanced CSRF vulnerabilities
How to identify CSRF vulnerabilities while also covering basic and advanced exploitation methods.   #explain


TLD Tracker: Exploring Newly Released Top-Level Domains
Palo Alto investigated 19 new top-level domains (TLDs) released in the past year, which revealed large-scale phishing campaigns, distribution of potentially unwanted programs, torrenting websites, and even pranking and meme campaigns.   #attack


GitHub-Actions-Attack-Diagram
Guidance for identifying GitHub Actions vulnerabilities.   #attack   #ci/cd


Kubernetes is evolving, the CKA exam too!
Updates are coming to the CKA exam after November 25th, 2024.   #announcement

Tools


SeamlessPass
A tool leveraging Kerberos tickets to get Microsoft 365 access tokens using Seamless SSO.


encap-attack
Sniff and attack networks that use IP-in-IP or VXLAN encapsulation protocols. You can also refer to the companion blog post.


bomctl
Format agnostic SBOM tooling. You can also refer to the companion blog post.

From the cloud providers


#AWS   Achieving Zero Trust Security on Amazon EKS with Istio
Post covering Istio's security mechanisms, which allow implementing a true zero trust security architecture on Amazon EKS.


#AWS   Automatically replicate your card payment keys across AWS Regions
A cross-Region replication (CRR) solution for card payment keys, with a specific focus on AWS Payment Cryptography.


#GCP   Instant snapshots: protect Compute Engine workloads from errors and corruption
Compute Engine instant snapshots provide near-instantaneous, high-frequency, point-in-time disk checkpoints that you can rapidly restore if needed.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini