Release Date: 15/09/2024 | Issue: 255
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Find and fix risky sharing in Google Drive
The risk of any Google Drive footprint lies in the toxic combinations of sensitive data, excessive permissions, and improper sharing. However, it’s hard to differentiate between typical business practices and potential risks without fully understanding the context and intent.
Material Security’s Data Protection for Google Drive helps control sensitive data sprawl with intuitive search and bulk remediation.
Gain control over the complex and vast data repository without getting in the way of daily use – security without impacting productivity.
Learn More

This week's articles


A SaaS provider's guide to securely integrating with customers' AWS accounts
An opinionated guide on best practices that these vendors should follow to ensure an appropriate level of security when integrating with customers' AWS environments.   #aws   #build   #defend


Policy Language Security Comparison
Trail of Bits completed a comparative security assessment of authorization policy languages: Cedar, Rego, and the OpenFGA modeling language.   #explain   #opa


Ransomware in the Cloud: Scattered Spider Targeting Insurance and Financial Industries
EclecticIQ analysts discovered ransomware operations by SCATTERED SPIDER targeting cloud infrastructures within the insurance and financial sectors.   #attack   #azure


Noisy Neighbor Detection with eBPF
This article discusses Netflix's use of eBPF to detect noisy neighbors in cloud environments. It explains their custom solution for identifying CPU-hogging processes and mitigating their impact on shared resources, improving overall system performance and reliability.   #build


Hacking misconfigured AWS S3 buckets: A complete guide
Some of the most common security misconfigurations in AWS S3 buckets.   #attack   #aws


Kubernetes CRD generation pitfalls
A blog post about some pitfalls learned over the years while generating Kubernetes Custom Resources with "controller-gen", and how to do stricter validation and defaulting with it.   #build   #kubernetes


Privilege Elevation in Entra ID: UnOAuthorized
This article discusses how attackers can exploit Microsoft applications to gain unauthorized privilege elevation in Active Directory environments, highlighting risks and providing mitigation strategies for administrators to protect against such threats.   #attack   #azure


CloudGoat Official Walkthrough Series: glue_privesc
This blog post walks through one of the newest CloudGoat scenarios, glue_privesc, where you will attempt to move through an AWS environment and perform privilege escalation against the Glue service in order to capture the flag.   #attack   #aws

Level Up Your Cloud Security Career
Ready to boost your Cloud Security career? 📙 The CloudSec Engineer gives you actionable, no-nonsense advice from my own personal experience.
Whether you’re breaking into the field, moving to senior levels, or eyeing leadership roles, you’ll find practical tips to guide your path. Get the knowledge you need—plus bonus tools to organize your learning, interviews, and more.
Check out the book

Tools


s3cme
Sample Go app repo with test and release pipelines optimized for software supply chain security (S3C). Includes Terraform setup for Artifact Registry on GCP with OpenID Connect (OIDC), so no need for service account keys or GitHub secrets.


CyberChef
The Cyber Swiss Army Knife - a web app for encryption, encoding, compression and data analysis.


proxy-to-gemini
A proxy sidecar to access Gemini models via OpenAI and Ollama APIs.


onepassword-sdk-python
Build integrations that programmatically access your secrets in 1Password.

From the cloud providers


#GCP   Introducing backup vaults for cyber resilience and simplified Compute Engine backups
Google announced three major enhancements to the Google Cloud Backup and Disaster Recovery (DR) service: the new backup vault storage feature, a centralized backup management experience, and an integration within the Compute Engine VM creation experience.


#GCP   Cut through the noise with new log scopes for Cloud Observability
New log scopes in Cloud Observability tools make it easier to find relevant log data for your environment.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini