Release Date: 13/10/2024 | Issue: 259
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

A guide that you will actually use from Push Security 👋
We're sharing a collection of SaaS attack techniques to help defenders understand the threats they face. We've pulled together all the techniques we're aware of and added a bunch of new ones. In this guide:
  • The SaaS Attacks Matrix and how it can benefit your red and blue teams
  • New SaaS-focused variations of older attacks
  • Brand new attack techniques against SaaS-native and hybrid organizations
  • What the cyber kill chain looks like when applied to SaaS-native and hybrid organizations
👉 Grab it here 👈

This week's articles


Cloud native incident response in AWS - Part II
How to quickly load data and search for interesting events in Athena.   #aws   #monitor


My Methodology to AWS Detection Engineering (Part 3 - Variable Scoring)
In variable scoring, when important context and interesting metadata are detected, the score can increase, signaling higher risk.   #monitor   #strategy


AWS Launches Improvements for Key Quarantine Policy
AWS made improvements to the AWSCompromisedKeyQuarantine policies in order to protect potentially compromised accounts. The changes were based on threat intelligence gathered from attacks being seen in the wild.   #aws   #defend   #monitor


5 Solutions for Multi-Cluster Communication in Kubernetes
This article introduces the basic principles, advantages, and limitations of five solutions for cross-Kubernetes cluster communication: underlay network, overlay CNI, submariner, skupper, and kubeslice.   #build   #kubernetes


Storing Sensitive Values in Terraform: Best Practices and Supported Backends
Post explaining tradeoffs between environment variables, Terraform Cloud/Enterprise Workspaces, external Secrets Managers, and encrypted Backend Storage.   #hashicorp   #iac   #terraform   #vault


Validating Cedar policies with GitHub Actions
Common Fate has developed a Validate Cedar Policies GitHub Action, which can be used in your GitHub-based CI/CD pipelines to validate Cedar policies before they are deployed.   #build   #iam


Okta Classic Application Sign-On Policy Bypass
On September 27, 2024, a vulnerability was identified in specific Okta configurations whereby an attacker with valid credentials could bypass configured conditions within application-specific sign-on policies.   #attack   #iam   #saas


The second half of software supply chain security on GitHub
Instead of trying to tackle everything at once, start by signing your builds with artifact attestations and verifying those signatures before you run them.   #ci/cd   #defend   #supply-chain

A Straightforward Guide to Cloud Security

Frustrated with career advice that misses the mark?
📙 The CloudSec Engineer delivers real, practical insights for Cloud Security Engineers. From mastering key skills to landing your next job, every chapter gives you the tools to succeed, no fluff. Includes bonus templates for managing your projects and interviews!

Check out the book

Tools


Granted now mitigates device auth phishing in AWS IAM Identity Center
A new browser extension for Granted which makes authenticating to AWS IAM Identity Center faster and more secure.


federator
Terraform templates for CI/CD to Cloud federation and Cloud2Cloud IAM federations.


IAMSpy
A library that utilises the Z3 prover to attempt to answer questions about AWS IAM.


chalice
A framework for writing serverless apps in Python. It allows you to quickly create and deploy applications that use AWS Lambda.


venator
A flexible threat detection platform that simplifies rule management and deployment using K8s CronJob and Helm. You can also refer to the companion blog post.

From the cloud providers


#AWS   Improve security incident response times by using AWS Service Catalog to decentralize security notifications
A decentralized approach to security notifications, using a self-service mechanism powered by AWS Service Catalog to enhance response times.


#AZURE   File hosting services misused for identity phishing
Post discussing the typical attack chain used in campaigns misusing file hosting services and detailing the recently observed tactics, techniques, and procedures (TTPs), including the increasing use of certain defense evasion tactics.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini