Release Date: 20/10/2024 | Issue: 260
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Box stores important documents.
HIPAA forms. Credit card numbers. Confidential IP. Stuff that can’t leak, or everybody from the CISO down is about to have a very bad day.
Sometimes it’s helpful to use retrieval-augmented generation (RAG) to query those docs with AI. But any time it touches your data, Box AI must obey strict rules:
  • Scope permissions to authorized documents only
  • Never store or train on queries
  • Encrypt everything in transit and at rest
  • And more...

Here’s how Box secures RAG

This week's articles


Turning AWS Documentation into Gold: AI-Assisted Security Research
This article goes over how to use embeddings in AWS Bedrock, scrape AWS documentation, and leverage ripgrep for fast searches on local disk, along with some interesting security research along the way.   #attack   #aws


Breaching the Data Perimeter: CloudTrail as a mechanism for Data Exfiltration
A now-fixed AWS vulnerability that would have enabled potentially undetectable data exfiltration from even the most locked-down AWS accounts by leveraging the audit trail itself to stealthily leak data.   #attack   #aws   #monitor


Challenges with IP spoofing in cloud environments
This post explores the risks and challenges of IP spoofing in cloud environments, particularly in setups using reverse proxies. It outlines various mitigation strategies to ensure accurate client IP identification for security purposes.   #attack   #defend


CloudShell slip-up: command-line access to underlying AWS infrastructure
Incident Overview: During a cloud security training session, a delegate encountered an unexpected AWS account identity while using CloudShell.   #attack   #aws


A Guide to Subdomain Takeovers
The aim of this blog post is to provide a general understanding of subdomain misconfigurations, supplemented with up-to-date resources and tools.   #attack   #saas


Security Monitoring - Threat Modelling and Data Sources
The article discusses the approach to security monitoring through threat modeling and the identification of data sources, using a mock company as a case study.   #monitor


Perfecting Ransomware on AWS - Using "keys to the kingdom" to change the locks
This article discusses the shift from traditional data dumping in compromised AWS accounts to utilizing AWS KMS features for ransomware attacks.   #attack   #aws

Sponsor

Permiso Security’s State of Identity Security Survey Report
Despite growing investments, nearly half of companies remain concerned about their ability to detect and prevent identity-based attacks, which includes the targeting of human and non-human identities. It's time for a new approach to identity security. Download our report to discover:
  • Key trends shaping the identity security landscape.
  • Critical gaps in current security measures.
  • Strategies to protect all your organization's identities across all environments.
Download the report here

Tools


Spare Cores
Explore, search, and evaluate cloud compute resources, including diverse attributes such as CPU count, detailed processor information, memory, GPU, storage, network speed and capacity, and available operating systems.


CloudGoat: New Scenario and Walkthrough (sns_secrets)
The sns_secrets scenario aims to teach users how to enumerate IAM permissions and discover SNS topics, starting with provided AWS credentials.


Microsoft-Analyzer-Suite
A collection of PowerShell scripts for analyzing data from Microsoft 365 and Microsoft Entra ID.


aws-redteam-kit
A PoC to simulate ransomware attacks on AWS.

From the cloud providers


#AWS   Code security scanning with Amazon Q Developer
This blog post explores the code security scanning feature of Amazon Q Developer and the security detectors that Amazon Q uses to scan your code.


#AWS   Streamline automation of policy management workflows with service reference information
You can now automate the retrieval of service reference information, eliminating manual effort and ensuring your policies align with the latest service updates.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini