Release Date: 09/02/2025 | Issue: 274
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

What's the right balance between automation and human oversight in the SOC?
SOC teams are under pressure to do more with less. Is the "autonomous SOC" the answer?

On February 27, join Tines CEO Eoin Hinchy and guest speaker Allie Mellen, Principal Analyst at Forrester Research, for a webinar on the evolving role of AI and automation in the future of SOCs and best-practices for balancing autonomous systems with human oversight.
Register now for February 27!

This week's articles


Google's Blueprint for a High-Assurance Web Framework
Learn about how Google has created and deployed a high-assurance web framework that almost completely eliminates exploitable web vulnerabilities.   #defend   #design   #strategy


Revolutionizing software testing: Introducing LLM-powered bug catchers
A novel approach that aims to improve software reliability by injecting specific faults (mutants) into the source code and generating targeted tests that catch them, with a particular focus on privacy-related issues.   #ai   #build


How to bypass GitHub's Branch Protection
Post taking a look at branch protection (protected branches) on GitHub; in particular, whether it's possible for attackers to bypass rules requiring approval to merge pull requests.   #attack   #ci/cd   #defend


LLM x SRE: Mercari's Next-gen Incident Handling Buddy
An on-call buddy designed to help Mercari engineers resolve incidents quickly, reducing both Mean Time to Recovery (MTTR) and the cost of on-call handling for companies and engineers.   #build   #monitor


Common OAuth Vulnerabilities
A comprehensive guide on known attacks against OAuth implementations, together with a checklist that should prove useful for testers and developers alike to quickly assess whether their implementation is secure.   #attack   #build


OPA Gatekeeper Bypass Reveals Risks in Kubernetes Policy Engines
Post diving into the potential risks of Kubernetes policy enforcement, focusing on how seemingly secure rules, such as those used in OPA Gatekeeper, can be bypassed if not carefully configured.   #attack   #kubernetes   #opa


CopyObjection: Fending off ransomware in AWS
In a compromised AWS environment, adversaries can copy S3 objects, encrypt them, and prevent the victim from recovering the encryption keys.   #attack   #aws
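Added example for the CopyObjection item (not code from the post or from CloudSecList): a small detection run over constructed CloudTrail S3 data events. It assumes the ransomware pattern rewrites objects with customer-provided keys (SSE-C), so AWS never holds the key and the victim cannot recover it, and that CloudTrail records the encryption mode in additionalEventData.SSEApplied, with SSE_C for customer-provided keys; the copy-source field name and the events themselves are constructed for the example.

```python
"""Flag S3 writes that stored objects under customer-provided keys (SSE-C).

Added example, not code from the CopyObjection post or the newsletter.
Assumptions: the ransomware rewrites objects with SSE-C (key never held by AWS),
and CloudTrail S3 data events carry additionalEventData.SSEApplied == "SSE_C"
for such writes. Sample events are constructed, not captured from an account.
"""
from typing import Iterable

# Constructed CloudTrail S3 data events, trimmed to the fields used below.
SAMPLE_EVENTS = [
    {   # benign write under the bucket's default encryption
        "eventName": "PutObject",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/app"},
        "requestParameters": {"bucketName": "finance-data", "key": "q1/report.csv"},
        "additionalEventData": {"SSEApplied": "Default_SSE_S3"},
    },
    {   # suspicious: object copied onto itself, now encrypted with a caller-held key
        "eventName": "CopyObject",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/leaked-key"},
        "requestParameters": {
            "bucketName": "finance-data",
            "key": "q1/report.csv",
            "x-amz-copy-source": "finance-data/q1/report.csv",  # field name assumed
        },
        "additionalEventData": {"SSEApplied": "SSE_C"},
    },
    {   # benign read; reads are never flagged
        "eventName": "GetObject",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/app"},
        "requestParameters": {"bucketName": "finance-data", "key": "q1/report.csv"},
        "additionalEventData": {"SSEApplied": "Default_SSE_S3"},
    },
    {   # suspicious: fresh upload with SSE-C from the same principal
        "eventName": "PutObject",
        "userIdentity": {"arn": "arn:aws:iam::123456789012:user/leaked-key"},
        "requestParameters": {"bucketName": "finance-data", "key": "q1/ledger.xlsx"},
        "additionalEventData": {"SSEApplied": "SSE_C"},
    },
]

# Both APIs create a new object version; CopyObject is the one the post is about.
WRITE_EVENTS = {"PutObject", "CopyObject"}


def is_sse_c_write(event: dict) -> bool:
    """True when a write stored the object under a customer-provided key."""
    if event.get("eventName") not in WRITE_EVENTS:
        return False
    return event.get("additionalEventData", {}).get("SSEApplied") == "SSE_C"


def find_sse_c_writes(events: Iterable[dict]) -> list[dict]:
    """One finding per SSE-C write: who, which object, and whether the copy
    overwrote the object in place (CopyObject with source == destination)."""
    findings = []
    for ev in events:
        if not is_sse_c_write(ev):
            continue
        params = ev.get("requestParameters", {})
        bucket, key = params.get("bucketName"), params.get("key")
        source = params.get("x-amz-copy-source")
        findings.append({
            "event": ev["eventName"],
            "principal": ev.get("userIdentity", {}).get("arn"),
            "object": f"s3://{bucket}/{key}",
            "in_place_overwrite": source == f"{bucket}/{key}",
        })
    return findings


def principals_to_contain(findings: list[dict]) -> set[str]:
    """Distinct principals behind SSE-C writes; the credentials to revoke first."""
    return {f["principal"] for f in findings}


if __name__ == "__main__":
    for finding in find_sse_c_writes(SAMPLE_EVENTS):
        print(finding)
```

Detection only helps if the old version still exists, so pair it with S3 Versioning (or Object Lock) so the pre-copy version survives the overwrite. For prevention, a bucket policy that denies s3:PutObject when the condition key s3:x-amz-server-side-encryption-customer-algorithm is present blocks SSE-C writes outright; CopyObject is authorized as s3:PutObject on the destination, so the same statement covers both APIs. Both are the editor's suggestions, not claims about what the post recommends.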


RogueOIDC: AWS Persistence and Evasion through attacker-controlled OIDC Identity Provider
This research shows what an attacker can achieve after creating a malicious OIDC identity provider in AWS and how they can do it. The article presents novel techniques and tools for persistence and evasion.   #attack   #aws


How Adversaries Exploit Unmonitored Cloud Regions to Evade Detection
This blog explores how unused cloud regions can be abused, the tools that enable such exploits, and strategies to mitigate these risks.   #attack   #aws   #monitor


SlackPirate Set Sails Again! Or: How to Send the Entire "Bee Movie" Script to Your Friends in Slack
The revival of SlackPirate, a tool designed to extract valuable data from Slack, including private keys and user information.   #attack   #saas

Sponsor CloudSecList in 2025

If you want to get your product in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, take a look at:
🔗 cloudseclist.com/sponsor

Tools


terraform-aws-vulne-soldier
A Terraform module that automates the remediation of AWS EC2 vulnerabilities based on AWS Inspector findings.


httptap
View HTTP/HTTPS requests made by any Linux program.


aws-config-rules
Repository of sample Custom Rules for AWS Config.


StsSamlDriver
A Python-based SAML authentication handler for AWS STS that allows you to get temporary credentials using SAML to the AWS CLI.


tailpipe
An open source SIEM for instant log insights, powered by DuckDB.

From the cloud providers


#AWS   Enhancing resource-level permission for creating an Amazon EBS volume from a snapshot
Post outlining the changes to resource-level permissions, exploring use cases for their implementation, and discussing why adopting the improved permission model matters.


#AWS   AWS IAM announces support for encrypted SAML assertions
You can now configure your identity provider to encrypt the SAML assertions that it sends to IAM.


#AWS   Implement effective data authorization mechanisms to secure your data used in generative AI applications - part 2
Depending on where the data sits as part of the generative AI application, you will need to use different implementations of data authorization, and there isn't a one-size-fits-all solution.


#AWS   Amazon Redshift enhances security by changing default behavior in 2025
These changes include disabling public accessibility, enabling database encryption, and enforcing secure connections.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini