Release Date: 24/11/2024 | Issue: 265
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Cross-IdP impersonation is a growing trend: a method of hijacking SSO to access downstream apps without needing to compromise accounts on your company's main IdP.
#attack #saas
PyPI has introduced index-hosted digital attestations, improving upon traditional PGP signatures to enhance security, usability, and cryptographic verification in the Python ecosystem.
#announcement #defend #supply-chain
A series of vulnerabilities found in Google's Architecture Diagramming Tool, leading to its eventual decommissioning due to security concerns.
#attack #gcp
This post explores this new feature, how it helps, what its limits are, and what we might see in the future.
#aws #explain #iam
AWS recommends that you update your workflows that process the userName, principalId, userIdentity type, or group displayName fields in CloudTrail events for IAM Identity Center before these changes take effect on January 13, 2025.
AWS announced Virtual Private Cloud (VPC) Block Public Access (BPA), a new centralized declarative control that enables network and security administrators to authoritatively block Internet traffic for their VPCs.
AWS Identity and Access Management (IAM) is launching a new capability allowing security teams to centrally manage root access for member accounts in AWS Organizations. You can now easily manage root credentials and perform highly privileged actions.
AWS CLI v2 now supports OAuth 2.0 authorization code flows using the Proof Key for Code Exchange (PKCE) standard. This provides a simple and safe way to retrieve credentials for AWS CLI commands.