Release Date: 17/11/2024 | Issue: 264
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor
In today's digital landscape, a new class of identities has emerged alongside traditional human users: non-human identities (NHIs). These NHIs are created and managed by human actions to enable automated processes, system-to-system communication, and cloud services. Permiso Security's new eBook details everything you need to know about creating, managing and securing non-human identities.
This post provides background on why and how Palantir initiated their Software Supply Chain Security (SSCS) program, and focuses on the threat model behind their security controls and posture.
#process #strategy #supply-chain
Explore Kubernetes control plane access vectors, risks, and security strategies to prevent unauthorized access and protect your clusters from potential threats.
#attack #defend #kubernetes
Learn about Kubernetes data plane access, including applications running on the cluster, container images, and execution-as-a-service workload types.
#attack #defend #kubernetes
How systems designed to automate Terraform lifecycle management can be exploited to compromise entire cloud environments.
#attack #ci/cd #iac #terraform
Microsoft has recently published a Graph API that allows administrators to pre-provision passkeys for users. From an offensive security point of view, this raises the question of whether this functionality can be abused to take over accounts.
#attack #azure
[The CloudSec Engineer]
The CloudSec Engineer is discounted for a limited time! You can get a 30% discount by entering the following discount code at checkout: CYBERNOVEMBER24
Security Hub released new controls for Amazon Simple Notification Service (Amazon SNS) topic and AWS Key Management Service (AWS KMS) keys checking for public access.
The new CloudFormation deployment timeline view provides visibility into the orchestration flow and dependencies involved when CloudFormation provisions resources defined in your infrastructure-as-code templates.
New Resource Control Policies let you centrally restrict AWS service access across accounts, bolstering security with preventative controls that supersede permissive policies - even for external users.