Release Date: 03/11/2024 | Issue: 262
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

A compromised account shouldn't compromise all accounts
Email accounts are a fast way for attackers to gain access to a wide range of systems that result in costly data breaches.
Despite the broad risks, the typical controls are often no more than an authenticated user session—which can be easily hijacked or bypassed.
Material limits lateral account takeovers by adding an authentication step for password resets and other identity verification messages.
Detect compromised email accounts and minimize their impact radius with Material.

This week's articles


Exploring Google Cloud Default Service Accounts: Deep Dive and Real-World Adoption Trends
This post offers a deep dive into Google Cloud's default service accounts, explaining their functionality, risks, and real-world adoption trends.   #explain   #gcp   #iam


EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files
This campaign used a set of private tools to abuse misconfigured web services (exposed Git configuration files), allowing attackers to steal credentials, clone private repositories, and extract cloud credentials from their source code. Credentials for over 10,000 private repositories were collected during the operation.   #attack   #aws


AWS CDK Risk: Exploiting a Missing S3 Bucket Allowed Account Takeover
The impact of this issue could, in certain scenarios, allow an attacker to gain administrative access to a target AWS account, resulting in a full account takeover.   #attack   #aws


Breaking free from the chains of fate - Bypassing AWSCompromisedKeyQuarantineV2 Policy
The article explores how threat actors manage to work around the limitations of the quarantine policy (AWSCompromisedKeyQuarantineV2) that is applied to identities whose credentials are leaked.   #attack   #aws   #iam


Apple - Security research on Private Cloud Compute
Apple is inviting security and privacy researchers to inspect PCC's security features by providing access to the PCC Virtual Research Environment (VRE) and expanding the Apple Security Bounty program to include PCC-related vulnerabilities.   #announcement


I bought us-east-1.com: A Look at Security, DNS Traffic, and Protecting AWS Users
When people hear the term "us-east-1", they think of AWS's flagship data center region, the one that powers countless businesses worldwide. But what happens when someone registers the us-east-1.com domain, and what traffic ends up there?   #attack   #aws   #defend


Reusable workflow is good ... Until you realize your identity is also reusable by anyone
If you are using GitHub Actions OIDC tokens to authenticate to a cloud provider, make sure the trust policy's condition on the `sub` claim is exactly as specific as the set of repositories, branches, or environments that should be allowed to access your cloud account; a wildcard that only pins the organization lets any workflow in that organization assume the role.   #build   #ci/cd   #process
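To make the `sub`-claim point concrete, here is an added example (it is not code from the linked article). It embeds two constructed IAM role trust-policy conditions for the GitHub OIDC provider, one that only pins the organization with a `StringLike` wildcard and one that pins the exact repository and branch, and reproduces IAM's `StringEquals`/`StringLike` matching to show which sample `sub` claims each one would accept. The organization and repository names (`example-org`, `app`, `sandbox`, `other-org`) are hypothetical; the `sub` claim formats (`repo:<org>/<repo>:ref:refs/heads/<branch>`, `:pull_request`, `:environment:<env>`) are the ones GitHub issues.

```python
"""Check which GitHub Actions OIDC subjects an IAM trust-policy condition accepts.

Added example, not from the linked article. The trust-policy fragments and the
sample claims are constructed; the org/repo names are hypothetical. The matcher
reproduces IAM's StringEquals / StringLike semantics ('*' matches any run of
characters, '?' exactly one) for the claim keys a GitHub OIDC token carries.
"""
import re

GITHUB_OIDC = "token.actions.githubusercontent.com"

# Constructed: a condition that only pins the org. Every repo, branch, pull
# request and environment under example-org can assume the role.
PERMISSIVE_CONDITION = {
    "StringEquals": {f"{GITHUB_OIDC}:aud": "sts.amazonaws.com"},
    "StringLike": {f"{GITHUB_OIDC}:sub": "repo:example-org/*"},
}

# Constructed: the hardened version pins the exact repo and the main branch.
STRICT_CONDITION = {
    "StringEquals": {
        f"{GITHUB_OIDC}:aud": "sts.amazonaws.com",
        f"{GITHUB_OIDC}:sub": "repo:example-org/app:ref:refs/heads/main",
    },
}


def _like(pattern: str, value: str) -> bool:
    """IAM StringLike: '*' matches any run of characters, '?' exactly one."""
    regex = "".join(
        ".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern
    )
    return re.fullmatch(regex, value) is not None


def condition_allows(condition: dict, claims: dict) -> bool:
    """True if every key in every operator block matches the presented claims.

    Only StringEquals and StringLike are modelled. A missing claim never
    matches, and a bare string value is treated as a one-element list, as IAM does.
    """
    matchers = {"StringEquals": lambda p, v: p == v, "StringLike": _like}
    for operator, keys in condition.items():
        match = matchers[operator]
        for key, patterns in keys.items():
            if isinstance(patterns, str):
                patterns = [patterns]
            value = claims.get(key)
            if value is None or not any(match(p, value) for p in patterns):
                return False
    return True


def allowed_subjects(condition: dict, subjects: list) -> list:
    """Subjects (sub claims) from the list that the condition lets assume the role."""
    return [
        sub
        for sub in subjects
        if condition_allows(
            condition,
            {f"{GITHUB_OIDC}:aud": "sts.amazonaws.com", f"{GITHUB_OIDC}:sub": sub},
        )
    ]


# Constructed sample sub claims, in the formats GitHub issues.
SAMPLE_SUBJECTS = [
    "repo:example-org/app:ref:refs/heads/main",       # the intended deploy job
    "repo:example-org/app:pull_request",              # a PR build of the same repo
    "repo:example-org/app:ref:refs/heads/feature-x",  # any other branch of the repo
    "repo:example-org/sandbox:ref:refs/heads/main",   # a different repo in the org
    "repo:other-org/app:ref:refs/heads/main",         # outside the org
]

if __name__ == "__main__":
    for name, cond in (("permissive", PERMISSIVE_CONDITION), ("strict", STRICT_CONDITION)):
        print(f"{name}: {allowed_subjects(cond, SAMPLE_SUBJECTS)}")
```

Running it shows the permissive condition accepting the first four subjects (every repo and ref in the org) while the strict one accepts only the main-branch job of the intended repo. The same matcher can be pointed at your own trust policies: pull the `Condition` block out of the role and feed it the `sub` values your workflows actually present.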

Sponsor CloudSecList in 2025

CloudSecList is looking for sponsors for 2025! Some stats:
  • >10,000 Current Active Subscribers
  • 4.89/5 Subscriber Rating
  • ~50% Weekly Open Rate
  • ~40% Weekly Click-through Rate
More details at: 🔗 cloudseclist.com/sponsor

Tools


control-tags
A tag-based control plane for tagging operations on AWS.


cedar-access-control-for-k8s
This project lets you enforce access control on Kubernetes API requests using Cedar policies.


bruno
Open-source IDE for exploring and testing APIs.


SkyScalpel
A framework for JSON policy parsing, obfuscation, deobfuscation, and detection in cloud environments. You can also refer to the companion blog post.

From the cloud providers


#AWS   How to mitigate bot traffic by implementing Challenge actions in your AWS WAF custom rules
By using this action type in a custom rule, you can set up simple, cost-effective measures to handle unsophisticated bots and control automated traffic to your applications.


#AWS   Amazon Virtual Private Cloud launches new security group sharing features
You can now associate a security group with multiple VPCs in the same account using Security Group VPC Associations. When using shared VPC, you can now also share security groups with participant accounts in that shared VPC using Shared Security Groups.


#AWS   How to implement trusted identity propagation for applications protected by Amazon Cognito
How to use an Amazon Cognito user pool as a trusted token issuer for IAM Identity Center.


#AWS   Adding threat detection to custom authentication flow with Amazon Cognito advanced security features
How you can use the advanced security features of Amazon Cognito to add threat detection to a passwordless custom authentication flow.


#GCP   When two become one: Integrating Google Cloud Organizations after a merger or acquisition
When two companies go through a merger or acquisition, you need to integrate their cloud domains and organizations. Here's how to do it on Google Cloud.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini