Release Date: 02/03/2025 | Issue: 277
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Automate 95% of Your Threat Detection and Triaging
Far too much of your security team’s time is wasted on manually triaging, investigating, and remediating threats: every minute spent chasing false positives is a minute not spent on mission-critical tasks. Trusted by companies like Lyft, Databricks, and Carta, Material Security helps strike the right balance with AI-powered detections and truly automated remediations across your productivity suite, along with flexible controls and granular settings that match your needs.
See the Material Difference

This week's articles


2025 State of Detection Engineering Report
The 2025 State of Detection Engineering Report from Anvilogic & SANS reveals key trends & challenges in detection engineering, from AI adoption to skill gaps and data access.   #ai   #defend   #monitor


The Bybit Incident: When Research Meets Reality
In one of the largest thefts in digital asset history, hackers gained access to an offline Ethereum wallet and stole $1.5 billion worth of digital assets, primarily consisting of Ethereum tokens.   #attack


The Risk You Can't Afford to Ignore: AWS SES and Email Spoofing
How AWS SES can be abused to send spoofed email from a customer's domain, and the phishing risk that follows when SPF, DKIM and DMARC are not enforced.   #attack   #aws
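The practical check behind this item is whether your own sending domain is spoofable at all. The following is an added example (not code from the article or from AWS): it grades a domain's SPF and DMARC records, with DNS stubbed by a constructed dictionary so it runs offline. The domain names and records are made up; swap `lookup_txt` for a real resolver to run it against your domains. It encodes one SES-relevant point: an `include:` of a shared provider such as `amazonses.com` lets every customer of that provider pass SPF, so only an enforcing DMARC policy with DKIM alignment actually ties mail to your domain.

```python
"""Added example: assess a sending domain's SPF/DMARC posture from its TXT records.

Records and domain names below are constructed for this example; DNS answers
come from a dict so the script runs offline.
"""

# Constructed TXT records. "weak.example" delegates SPF to a shared sender with
# soft-fail and a monitor-only DMARC policy; "hard.example" enforces;
# "none.example" has a permissive SPF and no DMARC at all.
FAKE_DNS = {
    "weak.example": ["v=spf1 include:amazonses.com ~all"],
    "_dmarc.weak.example": ["v=DMARC1; p=none; rua=mailto:dmarc@weak.example"],
    "hard.example": ["v=spf1 include:amazonses.com -all"],
    "_dmarc.hard.example": ["v=DMARC1; p=reject; adkim=s; aspf=s; rua=mailto:dmarc@hard.example"],
    "none.example": ["v=spf1 +all"],
}


def lookup_txt(name, dns=FAKE_DNS):
    """Stand-in for a DNS TXT lookup; replace with a real resolver in practice."""
    return dns.get(name, [])


def parse_spf(records):
    """Return the SPF mechanisms/modifiers as a list, or None if no v=spf1 record."""
    spf = [r for r in records if r.lower().startswith("v=spf1")]
    if not spf:
        return None
    return spf[0].split()[1:]  # e.g. ["include:amazonses.com", "~all"]


def parse_dmarc(records):
    """Return DMARC tags as a dict, or None if no v=DMARC1 record."""
    rec = [r for r in records if r.replace(" ", "").lower().startswith("v=dmarc1")]
    if not rec:
        return None
    tags = {}
    for part in rec[0].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip().lower()] = value.strip()
    return tags


def assess(domain, dns=FAKE_DNS):
    """Return issue codes for the domain; an empty list means SPF and DMARC both enforce."""
    issues = []
    spf = parse_spf(lookup_txt(domain, dns))
    dmarc = parse_dmarc(lookup_txt(f"_dmarc.{domain}", dns))
    enforcing = dmarc is not None and dmarc.get("p", "none").lower() in ("quarantine", "reject")

    if spf is None:
        issues.append("no-spf")
    else:
        all_term = next((t for t in spf if t.lstrip("+-~?").lower() == "all"), None)
        qualifier = all_term[0] if all_term and all_term[0] in "+-~?" else "+"
        if all_term is None or qualifier == "+":
            issues.append("spf-permissive")          # any sender passes SPF
        elif qualifier in "~?":
            issues.append("spf-softfail")            # most receivers still deliver
        if not enforcing and any(t.lower().startswith("include:") for t in spf):
            # Shared provider in SPF without an enforcing DMARC policy: every other
            # customer of that provider can pass SPF for this domain.
            issues.append("spf-includes-shared-sender")

    if dmarc is None:
        issues.append("no-dmarc")
    else:
        if not enforcing:
            issues.append("dmarc-monitor-only")      # p=none only reports spoofing
        if int(dmarc.get("pct", "100")) < 100:
            issues.append("dmarc-partial-enforcement")
    return issues


if __name__ == "__main__":
    for name in ("weak.example", "hard.example", "none.example"):
        print(name, assess(name))
```

With SES specifically, SPF alignment through `include:amazonses.com` alone does not tie a message to your domain because the default MAIL FROM is an amazonses.com subdomain; an aligned DMARC pass comes from DKIM signing with your domain (Easy DKIM) or a custom MAIL FROM domain, which is why the check treats `p=reject`/`p=quarantine` as the deciding control.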


Kubernetes Audit Log "Gotchas"
How to overcome challenges and security gaps when using K8s audit logs for forensics and attack detection.   #kubernetes   #monitor
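Two of the gotchas a practitioner hits first when using apiserver audit logs for detection are that the log emits one event per request stage (so the same `auditID` appears more than once) and that the default `Metadata` level records who touched what but not the request body. The following added example (not code from the article) runs a few illustrative detection rules over a constructed set of `audit.k8s.io/v1` events, collapsing stages first; the usernames, namespaces and rule names are made up for the example.

```python
"""Added example: simple detections over Kubernetes apiserver audit events.

The events below are constructed (audit.k8s.io/v1 JSON lines, as written to
--audit-log-path); they are not from the article. Rules are illustrative.
"""
import json

# Constructed sample. The first two lines share auditID "a1": the apiserver emits one
# event per stage (RequestReceived, ResponseStarted, ResponseComplete), so counting raw
# lines over-counts requests and RequestReceived lines have no responseStatus yet.
SAMPLE_AUDIT_LOG = "\n".join(json.dumps(e) for e in [
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata", "auditID": "a1",
     "stage": "RequestReceived", "verb": "get",
     "user": {"username": "system:serviceaccount:default:app", "groups": ["system:serviceaccounts"]},
     "objectRef": {"resource": "secrets", "namespace": "prod", "name": "db-creds"}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata", "auditID": "a1",
     "stage": "ResponseComplete", "verb": "get",
     "user": {"username": "system:serviceaccount:default:app", "groups": ["system:serviceaccounts"]},
     "objectRef": {"resource": "secrets", "namespace": "prod", "name": "db-creds"},
     "responseStatus": {"code": 200}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata", "auditID": "a2",
     "stage": "ResponseComplete", "verb": "create",
     "user": {"username": "jane", "groups": ["developers"]},
     "objectRef": {"resource": "pods", "subresource": "exec", "namespace": "prod", "name": "web-0"},
     "responseStatus": {"code": 101}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata", "auditID": "a3",
     "stage": "ResponseComplete", "verb": "create",
     "user": {"username": "ci-bot"}, "impersonatedUser": {"username": "system:admin"},
     "objectRef": {"resource": "clusterrolebindings", "apiGroup": "rbac.authorization.k8s.io", "name": "cb"},
     "responseStatus": {"code": 201}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata", "auditID": "a4",
     "stage": "ResponseComplete", "verb": "list",
     "user": {"username": "system:anonymous", "groups": ["system:unauthenticated"]},
     "objectRef": {"resource": "pods", "namespace": "kube-system"},
     "responseStatus": {"code": 403}},
    {"kind": "Event", "apiVersion": "audit.k8s.io/v1", "level": "Metadata", "auditID": "a5",
     "stage": "ResponseComplete", "verb": "list",
     "user": {"username": "jane", "groups": ["developers"]},
     "objectRef": {"resource": "pods", "namespace": "dev"},
     "responseStatus": {"code": 200}},
])

RBAC_RESOURCES = {"roles", "rolebindings", "clusterroles", "clusterrolebindings"}
WRITE_VERBS = {"create", "update", "patch"}
INTERACTIVE_SUBRESOURCES = {"exec", "attach", "portforward"}


def parse_audit_log(text):
    """Parse JSON-lines audit output into event dicts, skipping blank lines."""
    return [json.loads(line) for line in text.splitlines() if line.strip()]


def completed_requests(events):
    """Collapse per-stage events into one record per request.

    RequestReceived lines are dropped (no outcome yet); later stages for the same
    auditID overwrite earlier ones, so the last stage seen wins.
    """
    by_id = {}
    for e in events:
        if e.get("stage") == "RequestReceived":
            continue
        by_id[e["auditID"]] = e
    return list(by_id.values())


def detect(events):
    """Apply a few illustrative rules; returns a list of finding dicts."""
    findings = []
    for e in completed_requests(events):
        user = e.get("user", {}).get("username", "")
        ref = e.get("objectRef", {})
        resource, sub = ref.get("resource"), ref.get("subresource")
        ok = e.get("responseStatus", {}).get("code", 0) < 400
        verb = e.get("verb")

        def hit(rule):
            findings.append({"auditID": e["auditID"], "rule": rule, "user": user})

        if ok and resource == "secrets" and verb in ("get", "list", "watch") \
                and user.startswith("system:serviceaccount:"):
            hit("secret-read-by-serviceaccount")
        if ok and resource == "pods" and sub in INTERACTIVE_SUBRESOURCES:
            hit("pod-exec")
        if "impersonatedUser" in e:  # only present when --as / Impersonate-User was used
            hit("impersonation")
        if user == "system:anonymous":  # fires on 403s too: probing is worth seeing
            hit("anonymous-request")
        if ok and resource in RBAC_RESOURCES and verb in WRITE_VERBS \
                and e.get("level") in (None, "None", "Metadata"):
            # Gotcha: at level Metadata the request body is not recorded, so the log
            # shows a binding was created but not which subjects got which role.
            hit("rbac-change-body-not-logged")
    return findings


if __name__ == "__main__":
    for finding in detect(parse_audit_log(SAMPLE_AUDIT_LOG)):
        print(finding)
```

The last rule is the one to act on at the policy level: give RBAC, secrets and other sensitive resources `level: RequestResponse` (or at least `Request`) in the audit policy, and keep `omitStages: ["RequestReceived"]` so the collapse step above is unnecessary.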


Optimizing GitHub security at Sendbird: Challenges & key takeaways
The story of the challenges and key improvements to Sendbird's GitHub security posture.   #ci/cd   #defend   #strategy


The ultimate guide to token management at GitLab
How did we end up needing 16 different types of tokens to secure CI/CD access?   #ci/cd   #defend


Advanced Nginx Hardening
Article exploring Nginx configuration options that simplify monitoring, enhance performance, and strengthen security.   #defend   #monitor

Sponsor

[Panel recap] Trends in Cloud Security: From Cloud to Workloads
Hear top security minds tackle cloud security’s biggest headaches—because managing identities and workloads shouldn’t feel like a never-ending game of whack-a-mole. Some tips:
  • Start with inventory: If you don’t know what you have, you can’t secure it
  • JIT access: Least privilege != never gets access
  • Permission boundaries: Stop handing out "god mode" like candy
  • Lifecycle management: Aging accounts = ticking time bombs
  • Automate or suffer: Manual processes can’t keep up with scale
Read the recap or view the full panel discussion.

Tools


gcp-landing-zone
This repository contains the Terraform code necessary to set up a Landing Zone using the Google Cloud Platform (GCP).


BLAFS
A Bloat Aware Filesystem for Container Debloating.


maester
A PowerShell based test automation framework to help you stay in control of your Microsoft security configuration.


noCAP
Lightweight security tool for auditing your organization's Conditional Access Policies (CAPs) in Microsoft Entra ID for potential misconfigurations.


Cerbos Game
A game to learn about Cerbos policies.

From the cloud providers


#AWS   From log analysis to rule creation: How AWS Network Firewall automates domain-based security for outbound traffic
Post guiding you through the implementation of the AWS Network Firewall automated domain list feature, providing a detailed overview, step-by-step instructions, and best practices to optimize your network security.


#AWS   Connect your on-premises Kubernetes cluster to AWS APIs using IAM Roles Anywhere
IAM Roles Anywhere enables workloads outside of AWS to access AWS resources by exchanging X.509 bound identities for temporary AWS credentials.


#AWS   Four ways to grant cross-account access in AWS
Four different ways to grant cross-account access using resource-based policies.


#GCP   Finding Malware: Detecting Fake Browser Updates Attacks with Google Security Operations
This post dives into fake browser update attacks, the payloads they deliver, and detection opportunities within the Google SecOps platform.


#GCP   Inter-VPC connectivity architecture patterns in Cross-Cloud Network
How to use Cross-Cloud Network to design inter-network communication architectures with Network Connectivity Center or VPC peering.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini