Release Date: 15/03/2020 | Issue: 28
The Cloud Security Reading List is a low volume mailing list (once per week) that highlights security-related news focused on the cloud native landscape,
hand curated by Marco Lancini.

This week's articles


The SOC2 Starting Seven
Good post about getting the basics right: 7 things you can do now that will simplify SOC2 for you down the road while making your life, or at least your security posture, materially better right away.


Dangers of HostPath PersistentVolumes
This post discusses some dangers that arise when using HostPath PersistentVolumes, which cannot be secured by operators and can result in Pod escapes.


Cloud WAF Comparison Using Real-World Attacks
Are the cloud WAFs any good at blocking common web application attacks? Someone decided to find out, and the results were surprising.


Through the Looking Glass: Understanding AWS Traffic Mirroring and Malicious Use
In part 1 of this series, the SpecterOps team talks through traffic mirroring functions within AWS and abuse scenarios of the feature.


Disaster Tolerance Patterns Using AWS Serverless Services
Post sharing the experiences and lessons gathered while embracing disaster tolerance using serverless. Key point: you should really design your cloud architectures for disaster tolerance from the start (even if it is counterintuitive to do so by lean principles).


7 Ways AWS Can Fix its Public S3 Bucket Problem
While it's true that AWS has done a lot in the past year to improve S3 bucket security, for some reason we're still seeing breaches occur with a regular cadence. This post proposes some additional suggestions.


The Open-Source AWS Cyber Range
This project provides a bootstrap framework for complete offensive, defensive, reverse engineering, and security intelligence tooling in a private research lab using the AWS Cloud. It contains vulnerable systems and a toolkit of the most powerful open-source / community edition tools known to penetration testers.


How to Export Kubernetes Events for Observability and Alerting
Companion blog post for the open-source project Kubernetes Event Exporter, which watches for events and exports them to many systems such as Elasticsearch, Slack or plain webhooks.


What's new in Istio 1.5? New Features and Capabilities
Istio version 1.5, released on March 5, continues the shift towards operational maturity. This new release combines some major architectural and API changes with increased automation and tooling.


Sigma Detection Rules for AWS events
Some new rules for detecting important events (like disabling CloudTrail, or active usage of the root account) in the AWS Cloud.

From the cloud providers


Bottlerocket – Open Source OS for Container Hosting
AWS released Bottlerocket, a new Linux-based open source operating system designed and optimized specifically for use as a container host.


Bottlerocket update infrastructure
Bottlerocket also has a TUF (The Update Framework) implementation!


How financial institutions can approve AWS services for highly confidential data
5 key considerations financial institutions should focus on to help streamline the approval (whitelisting) of cloud services for their most confidential data.


Amazon EKS adds envelope encryption for secrets with AWS KMS
You can now use AWS KMS keys to provide envelope encryption of Kubernetes secrets stored in EKS.


How to Use AKS Pod Identity with Vault
A demo showing how Vault can use Azure Active Directory authentication to allow pods running on AKS to access secrets stored in Vault.

Copyright © 2019-present The Cloud Security Reading List.