Release Date: 15/12/2024 | Issue: 268
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
🎄 Holiday Break 🎄
After this issue, I will take a couple of weeks off to disconnect and recharge.
CloudSecList will return in January!

This week's articles


From Remediation to Mitigation: Addressing Insecure-by-Design Flaws
This post explores the complexities of insecure-by-design vulnerabilities in cloud systems, which are inherent to the system's functionality and often overlooked.   #defend   #design   #strategy


Streamlining Security Incident Response with Automation and Large Language Models
By integrating automation and leveraging Large Language Models (LLMs), the Threat Detection and Response (TDR) team at Mercari reduced manual effort and increased the speed and accuracy of their responses.   #defend   #monitor   #process


How Adversaries Abuse Serverless Services to Harvest Sensitive Data from Environment Variables
How threat actors can exploit sensitive data stored in serverless environment variables in AWS, Azure, GCP and Kubernetes, and the use of cloud-offensive tools for this purpose.   #attack   #aws   #azure   #gcp   #kubernetes


Exploring AWS STS AssumeRoot
A post from the Elastic team exploring AWS STS AssumeRoot, its risks, detection strategies, and practical scenarios to secure against privilege escalation and account compromise.   #aws   #elastic   #monitor


Tales from the cloud trenches: Unwanted visitor
A cloud attack targeting Amazon SES, persistence, and a malicious AWS account ID.   #attack   #aws


Log Poisoning in Microsoft Sentinel
This article discusses log poisoning attacks against Microsoft Sentinel, explaining how attackers can manipulate logs to evade detection. It covers attack techniques, potential impacts, and mitigation strategies for defenders to protect their SIEM environments.   #azure   #monitor


Microsoft Azure Cross Tenant Azure AD Domain Join & RBAC Goofiness
Microsoft Azure allows Windows Virtual Machines to join an Entra tenant that differs from the hosting tenant, using an Azure AD VM Extension for domain joining.   #attack   #azure

Level Up Your Cloud Security Career

Ready to boost your Cloud Security career? 📙 The CloudSec Engineer gives you actionable, no-nonsense advice from my own personal experience.
Whether you're breaking into the field, moving to senior levels, or eyeing leadership roles, you'll find practical tips to guide your path. Get the knowledge you need—plus bonus tools to organize your learning, interviews, and more.
Learn more

Tools


supply-chain-firewall
A tool for preventing the installation of malicious PyPI and npm packages. You can also refer to the companion blog post.


terraform-provider-statefile-rce
This Terraform provider can be used to get remote code execution by injecting a dummy resource into a writeable state file.


access
Access, a centralized portal for employees to transparently discover, request, and manage their access for all internal systems needed to do their jobs.


vanir
Vanir is a source code-based static analysis tool that automatically identifies the list of missing security patches in the target system. You can also refer to the companion blog post.


semgrep-rules
35 more Semgrep rules from Trail of Bits. You can also refer to the companion blog post.

From the cloud providers


#AWS   AWS Network Firewall Geographic IP Filtering launch
Geographic IP Filtering is a new feature of Network Firewall that you can use to filter traffic based on geographic location and meet compliance requirements.


#AWS   AWS Control Tower launches managed controls using declarative policies
These policies are a set of new optional controls that help you consistently enforce the desired configuration for a service.


#AWS   AWS Config now supports a service-linked recorder
AWS Config added support for a service-linked recorder, a new type of AWS Config recorder that is managed by an AWS service and can record configuration data on service-specific resources, such as the new Amazon CloudWatch telemetry configurations audit.


#AWS   A practical guide to getting started with policy as code
Post detailing the concepts, processes, and steps to get started with policy as code (PaC) and adopt this into your software development lifecycle.


#GCP   Locking down Cloud Run: Inside Commerzbank's adoption of Custom Org Policies
Commerzbank has adopted Google Cloud's Custom Org Policies to enhance security for its Cloud Run environments, addressing the critical need for robust security in financial services.


#GCP   Improve your security posture with expanded Custom Org Policy
Administrators can use custom organization policies to set granular resource configurations in order to enhance security posture, address regulatory requirements, and increase operational efficiencies, all without impacting development velocity.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini