Release Date: 26/01/2025 | Issue: 272
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

SOAR isn’t dead - but it can hold your teams back
Outdated SOAR platforms can slow your response times and leave your team struggling to keep up with emerging threats. Today’s biggest security challenges demand evolved solutions that are AI-driven, easy to connect with your tech stack, and built for scale. This SOAR Buyer’s Guide helps you pinpoint where next-gen orchestration and automation can deliver the greatest impact for your team - and choose the right tools to support these priorities.
Get the latest guide from Tines today to help you navigate the SOAR landscape.

This week's articles


Passkeys: they're not perfect but they're getting better
Passkeys are the future of authentication, offering enhanced security and convenience over passwords, but widespread adoption faces challenges that the NCSC is working to resolve.   #defend   #iam   #strategy


Stratoshark: Extending Wireshark's legacy into the cloud
Sysdig released Stratoshark, which applies the proven Wireshark philosophy to a new domain: system calls.   #announcement


AI agent authentication: it's just OAuth
How should we authenticate AI agents? We don't need to completely reinvent the wheel -- we already have OAuth, which gives us most of what we need for controlled, auditable access delegation.   #iam


OWASP Non-Human Identities Top 10: Forging a New Standard in Cloud Security
The OWASP Non-Human Identities Top 10 project outlines the most critical risks associated with non-human identities (NHIs) in cloud security, which outnumber human identities significantly.   #defend   #explain   #iam


DevOps access is closer than you assume
Azure DevOps can be accessed using multiple first-party client IDs, allowing anyone to pivot from a stolen session to access the repositories.   #attack   #azure   #ci/cd


A hands-on lab: Why running as root in Kubernetes containers is dangerous?
Through practical tests, this article demonstrates how running as root can lead to vulnerabilities, such as downloading and executing malware, accessing host resources, and potential privilege escalation.   #attack   #containers   #kubernetes


Exploring the Kubernetes API Server Proxy
The Kubernetes API server can act as an HTTP proxy server, allowing users with the right access to get to applications they might otherwise not be able to reach.   #explain   #kubernetes


Attacks on Maven proxy repositories
This post describes PoC exploits that can lead to pre-auth remote code execution and poisoning of the local artifacts in Sonatype Nexus and JFrog Artifactory.   #attack   #ci/cd   #supply-chain

Sponsor

Is Your Cloud Data Secure From Gen AI?
Generative AI offers exciting innovation but also introduces new security challenges. Varonis' cloud data risk assessment provides a thorough overview of your data security risks and offers actionable steps to remediation. After your free assessment, you can confidently implement generative AI, knowing your sensitive information is protected and compliance is maintained.
Start Your Free Cloud Data Risk Assessment Today

Tools


mise
Dev tools, env vars, task runner.


authentik
Authentik is an open-source Identity Provider that emphasizes flexibility and versatility, with support for a wide set of protocols.


crx-analyzer
Local CLI tool for browser extension risk analysis.


actions-runner-controller
Kubernetes controller for GitHub Actions self-hosted runners.

From the cloud providers


#AWS   Safeguard your generative AI workloads from prompt injections
This blog post provides an overview of prompt injection risks in generative AI applications and outlines effective strategies for mitigating these risks on Bedrock.


#GCP   Unifying Your Cloud Defenses: Security Command Center & Cloud NGFW Enterprise
The article discusses the integration of Google Cloud's Security Command Center (SCC) and Cloud Next Generation Firewall (NGFW), by combining threat detection from NGFW with SCC's automation and response features.


#GCP   New to Google SecOps: An Introduction to Native Dashboards
An overview of the newly launched dashboarding capabilities within Google SecOps, enabling users to create custom dashboards using statistical search syntax.


#GCP   Introducing BigQuery metastore, a unified metadata service with Apache Iceberg support
BigQuery metastore is a highly scalable runtime metadata service that works with multiple engines, for example, BigQuery, Apache Spark, Apache Hive and Apache Flink, and supports the open Apache Iceberg table format.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini