Release Date: 22/09/2024 | Issue: 256
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Here are 3 exciting things you can do when participating in SentinelOne's Cloud ThreatOps Challenge on September 25th.
  • Compete to find the most known and advanced persistent threats, as fast as possible
  • Win up to $200 in gift cards (if you are into that)
  • Earn 3 CPE credits for 2 hours of fun
If you want to improve your threat hunting skills, you might as well have fun and be rewarded while doing it! We'll see you there.

This week's articles


Cloud Logging Tips and Tricks
Post which reviews different log types and unveils some tricks to optimize logging configuration without straining budgets.   #aws   #azure   #gcp   #monitor


Beyond the AWS Security Maturity Roadmap
Slides from a talk focusing on the problems you'll encounter scaling a cloud security program.   #strategy


Scorecarding Security
A survey of approaches to scorecarding in security programs.   #strategy


What to Do With Products Without SSO?
This article isn't a complaint about vendors charging an "SSO tax"; it covers how to implement comparable security controls for a product when no such centralized authentication mechanism is available.   #iam   #saas   #strategy


Non-Actionable Findings in 3rd-party Security Scanners...and How to Identify Them
False positives are a recurring issue when working with external scanning tools. This blog post discusses the most common types of false positives the AutoVM team at Google has observed in this context and provides instructions on how to identify them.   #defend   #process


You can Access Private Azure DevOps Repo Data
When users create a private fork of a public repository and then commit data to the private fork, all of their private commits are publicly visible.   #attack   #azure


Transitive Access Abuse - Data Exfiltration via Document AI
The Document AI service unintentionally allows users to read any Cloud Storage object in the same project and write to an attacker-controlled location.   #attack   #gcp


Security Flaw in AWS Transit Gateway Peering Attachments
This article discusses a potential exploit in AWS Transit Gateway peering that could allow unauthorized access across accounts.   #attack   #aws


Escalating from Reader to Contributor in Azure API Management
This blog post shows how a user with Reader-level access to an Azure API Management resource actually had the equivalent of Contributor-level access, allowing the user to read, modify and even delete configurations of the resource via the Direct Management API.   #attack   #azure   #iam


Hidden in Plain Sight: Abusing Entra ID Administrative Units for Sticky Persistence
AUs are a useful method for creating scoped Entra ID role assignments. However, this scoping also offers juicy new methods for anyone looking to persist quietly in an Azure tenant.   #attack   #azure

Sponsor CloudSecList in 2025

Looking to connect with over 10,000 cloud security experts?
Sponsoring CloudSecList is a great way to get your brand in front of a targeted, engaged audience. From security engineers to CISOs, our readers rely on us for the latest cloud-native security insights.

cloudseclist.com/sponsor

Tools


ecapture
Capturing SSL/TLS plaintext without a CA certificate using eBPF.


stratus-red-team
Stratus Red Team now supports Entra ID.


iam-expand
Expand IAM Actions with Wildcards.


cloud-security-vm
Ansible/Vagrant/Packer files to create a virtual machine with the tooling needed to perform cloud security assessments.


azure-storage-reverse-shell
This GitHub Action sends a reverse shell from a runner via Azure Storage Account blobs.

From the cloud providers


#AWS   Amazon S3 Express One Zone now supports AWS KMS with customer managed key
This new encryption capability gives you an additional option to meet compliance and regulatory requirements when using S3 Express One Zone.


#AWS   New whitepaper available: Building security from the ground up with Secure by Design
AWS recently authored a new whitepaper with the SANS Institute, Building Security from the Ground Up with Secure by Design, which addresses SbD strategy and explores the effects of SbD implementations.


#AWS   Refine unused access using IAM Access Analyzer recommendations
The IAM Access Analyzer unused access recommendations feature streamlines the path to least privilege by keeping only the permissions that are actually used, while retaining the resource and condition context of the existing policies.
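The two steps these items describe, expanding wildcard IAM actions into concrete ones (the iam-expand tool above) and then pruning a policy to the actions actually used while keeping its Resource and Condition blocks (the Access Analyzer recommendations), can be shown in a few lines. The following is an added illustration written for this issue; it is not code from iam-expand or from AWS, and the action catalogue, the sample policy and the "used actions" list are constructed stand-ins for the full IAM action reference and for real last-accessed data.

```python
"""Expand wildcard IAM actions and narrow a policy to the actions in use,
preserving the Resource and Condition context of each statement.

Added illustration, not code from iam-expand or AWS IAM Access Analyzer.
KNOWN_ACTIONS is a small constructed sample; real tooling loads the full
service action list from the AWS service authorization reference.
"""
import copy
import fnmatch
import json

# Constructed sample catalogue (the real list has thousands of actions).
KNOWN_ACTIONS = [
    "s3:GetObject",
    "s3:GetObjectVersion",
    "s3:GetBucketPolicy",
    "s3:PutObject",
    "s3:DeleteObject",
    "s3:ListBucket",
    "kms:Decrypt",
    "kms:GenerateDataKey",
    "kms:CreateKey",
]


def expand_actions(patterns, known_actions=KNOWN_ACTIONS):
    """Expand IAM action patterns such as 's3:Get*' or '*' into concrete actions.

    IAM matches action names case-insensitively and supports the '*' and '?'
    wildcards, so both sides are lowercased before fnmatch is applied.
    Returns a sorted, de-duplicated list.
    """
    if isinstance(patterns, str):
        patterns = [patterns]
    matched = set()
    for pattern in patterns:
        lowered = pattern.lower()
        for action in known_actions:
            if fnmatch.fnmatchcase(action.lower(), lowered):
                matched.add(action)
    return sorted(matched)


def refine_statement(statement, used_actions, known_actions=KNOWN_ACTIONS):
    """Return a copy of an Allow statement limited to the actions actually used.

    Resource, Condition and Sid are copied unchanged from the original; only
    the Action list is narrowed. Returns None when nothing in the statement
    was used, so the caller can drop it. (NotAction statements are out of
    scope for this illustration.)
    """
    granted = expand_actions(statement.get("Action", []), known_actions)
    used = {a.lower() for a in used_actions}
    kept = [a for a in granted if a.lower() in used]
    if not kept:
        return None
    refined = copy.deepcopy(statement)
    refined["Action"] = kept
    return refined


def refine_policy(policy, used_actions, known_actions=KNOWN_ACTIONS):
    """Apply refine_statement to every Allow statement; Deny statements are kept as-is."""
    statements = []
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            statements.append(copy.deepcopy(stmt))
            continue
        refined = refine_statement(stmt, used_actions, known_actions)
        if refined is not None:
            statements.append(refined)
    return {"Version": policy["Version"], "Statement": statements}


# Constructed over-broad policy: wildcards scoped by Resource and a Condition.
ORIGINAL_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "DataAccess",
            "Effect": "Allow",
            "Action": ["s3:*", "kms:*"],
            "Resource": [
                "arn:aws:s3:::example-bucket/*",
                "arn:aws:kms:us-east-1:123456789012:key/example-key-id",
            ],
            "Condition": {"Bool": {"aws:SecureTransport": "true"}},
        }
    ],
}

# Constructed "last accessed" data: the only actions seen in the review window.
USED_ACTIONS = ["s3:GetObject", "s3:PutObject", "kms:Decrypt"]

if __name__ == "__main__":
    print(json.dumps(refine_policy(ORIGINAL_POLICY, USED_ACTIONS), indent=2))
```

Running the module prints the narrowed policy: the single statement keeps its Sid, the two Resource ARNs and the aws:SecureTransport condition, but its Action list shrinks from `s3:*`/`kms:*` to the three actions that were observed. Against a real policy the interesting review is the diff between `expand_actions` output and the used set, which is exactly the unused grant the Access Analyzer recommendation asks you to remove.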


#AWS   Methodology for incident response on generative AI workloads
The AWS Customer Incident Response Team (CIRT) has developed a methodology that you can use to investigate security incidents involving generative AI-based applications.


#GCP   Reference Architecture for Confidential Data Processing in a Trusted Execution Environment
A reference architecture for processing confidential data inside a Trusted Execution Environment, addressing the privacy requirements of privacy-centric data management and exchange.


#GCP   Google Cloud's approach to change
How Google Cloud introduces code changes into its products by following a rigorous change management process.


#AZURE   Announcing mandatory multi-factor authentication for Azure sign-in
Required MFA for all Azure users will be rolled out in phases starting in the 2nd half of calendar year 2024.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues!

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini