Release Date: 02/02/2025 | Issue: 273
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

10 Best Practices for Cloud Visibility
Securing your cloud environment starts with visibility—but how do you ensure you’re seeing everything you need? Our Cloud Visibility Playbook: 10 Practices to Secure Cloud Environments is here to help. This practical guide outlines 10 proven strategies that security teams like yours can implement to:
  • Gain full visibility and control over your cloud assets
  • Streamline security operations with a unified, centralized view
  • Identify and mitigate risks early—before they escalate into major threats
Get the Guide

This week's articles


How Palantir Secures Source Control
How Palantir protects source code, from zero-trust development to commit signing.   #ci/cd   #defend   #process   #strategy   #supply-chain


A Commencement Into Real Kubernetes Security
Slides for a ShmooCon 2025 talk challenging what we think we know about securing Kubernetes.   #defend   #kubernetes


Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History
A publicly accessible database belonging to DeepSeek allowed full control over database operations, including the ability to access internal data. The exposure includes over a million lines of log streams with highly sensitive information.   #attack   #saas


almost_pwned
A sophisticated phishing attack targeting Google accounts, made possible by exploiting Google's official URL shortcut.   #attack   #gsuite


Best practices for key derivation
This post covers best practices for using KDFs, including specialized scenarios that require careful treatment of key derivation to achieve the desired security properties.   #defend   #strategy


AWS EKS Access Management & Permissions
This post explores the following AWS EKS technologies, and applies them to the context of a real scenario: aws-auth (2018), IRSA (IAM Roles for Service Accounts) (2019), EKS Pod Identities (2023), and EKS Cluster Access Management (2023).   #aws   #iam   #kubernetes


Introduction to Detection Engineering with Sigma
This post introduces detection engineering and Sigma rules. It covers Sigma's purpose, syntax, and benefits for threat detection across diverse log sources and SIEM platforms.   #explain   #monitor


Clone2Leak: Your Git Credentials Belong To Us
A bug in GitHub Desktop allows a malicious repository to leak the user's credentials.   #attack   #ci/cd


Phishing for Refresh Tokens
Leveraging AiTM and the OAuth 2.0 authorization code flow to steal access and refresh tokens.   #attack   #saas

Level Up Your Cloud Security Career

Ready to boost your Cloud Security career? 📙 The CloudSec Engineer gives you actionable, no-nonsense advice from my own personal experience.
Whether you’re breaking into the field, moving to senior levels, or eyeing leadership roles, you’ll find practical tips to guide your path. Get the knowledge you need—plus bonus tools to organize your learning, interviews, and more.
Learn more

Tools


bedrock-secure-questionnaire-automation
Infrastructure-as-code for a serverless knowledge base using Amazon Bedrock, Aurora PostgreSQL, Lambda, and S3.


endoflife.date
Check end-of-life, support schedule, and release timelines for more than 200 products at one place.


baitroute
A web honeypot library to create vulnerable-looking endpoints to detect and mislead attackers.


goose
An open-source, extensible AI agent that goes beyond code suggestions - install, execute, edit, and test with any LLM.


garak
Garak checks if an LLM can be made to fail in a way we don't want.

From the cloud providers


#AWS   Issue with AWS Sign-in IAM User Login Flow - Possible Username Enumeration (CVE-2025-0693)
AWS identified CVE-2025-0693 in the AWS Identity and Access Management (AWS IAM) Sign-in login flow. This issue could allow an actor to enumerate AWS IAM usernames by measuring server response times during login attempts.


#AWS   Announcing upcoming changes to the AWS Security Token Service global endpoint
To help improve the resiliency and performance of applications, AWS is making changes to the STS global endpoint, with no action required from customers. These changes will be released in the coming weeks.


#AWS   Testing and evaluating GuardDuty detections
Deep dive into an open source tool for testing GuardDuty findings.


#AWS   AWS Firewall Manager retrofitting: Harmonizing central security with application team flexibility
Post talking about the benefits of retrofitting and how you can use this feature to allow Firewall Manager to manage existing web ACLs.


#GCP   Introducing Workload Manager custom rules
With new Workload Manager custom rules, you can validate your Google Cloud deployments against best practices to help ensure they are compliant.


#GCP   How Google Does It: How we secure our own cloud
Seth Vargo, distinguished software engineer responsible for Google's use of the public cloud, shares a peek under the hood at how Google uses and secures its own cloud environments.


#GCP   Privacy-preserving Confidential Computing now on even more machines and services
Google updated Confidential Computing so it's available on even more machine types than before.


#GCP   How we're making GKE more secure with supply-chain attestation and SLSA
You can now verify the integrity of Google Kubernetes Engine components with SLSA, the Supply-chain Levels for Software Artifacts framework.


#AZURE   Step-by-Step Guide: How to use Temporary Access Pass with internal guest users
The guide explains how to use Temporary Access Pass (TAP) with internal guest users in Microsoft Entra ID. TAP is a time-limited passcode designed for single use or multiple sign-ins, enhancing security by enabling passwordless authentication.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco


© 2019-present CloudSecList · Marco Lancini