Release Date: 23/03/2025 | Issue: 280
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Free Cloud Data Risk Assessment
With sensitive data across multiple cloud applications, it can be hard to know where exactly the data lives and who has access to it, making you more susceptible to a data breach. Our Cloud Data Risk Assessment was designed to solve this.
Covering AWS, Azure, Google Cloud and more, it provides an in-depth look into your data and blast radius, at no cost. Easily map multi-cloud sensitive data risk and get a clear path to remediation within 24 hours, with the industry's most advanced cloud data risk assessment.

Start Your Free Assessment

This week's articles


IssueOps: Automate CI/CD (and more!) with GitHub Issues and Actions - The GitHub Blog
A look into building IssueOps workflows on GitHub to do everything from CI/CD to handling approvals and more.   #build   #ci/cd   #process


SAML roulette: the hacker always wins
How to chain round-trip attacks and namespace confusion to achieve unauthenticated admin access on GitLab Enterprise by exploiting the ruby-saml library.   #attack   #ci/cd


Measuring the Success of Your Adversary Simulations
Success in these engagements is not solely determined by the number of findings but by how well the intended objectives align with the outcomes.   #defend   #strategy


GitHub Action changed-files supply chain attack
A supply chain attack on GitHub Action tj-actions/changed-files caused many repositories to leak their secrets.   #attack   #ci/cd   #supply-chain


GitHub Action supply chain attack: reviewdog/action-setup
The tj-actions/changed-files supply chain attack leaked CI secrets; Wiz Research found a related attack on reviewdog/action-setup that may be how changed-files itself was compromised.   #attack   #ci/cd   #supply-chain


Understanding and Re-Creating the tj-actions/changed-files Supply Chain Attack
Another article breaking down the tj-actions/changed-files supply chain attack.   #attack   #ci/cd   #supply-chain
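The common thread in the three changed-files write-ups is that workflows referenced the action by a mutable tag, so a tag moved to a malicious commit was picked up automatically; pinning `uses:` references to a full 40-character commit SHA removes that path. As an added example (not code from any of the linked articles), the script below scans a constructed workflow for references that are not SHA-pinned. The workflow text and the SHA in it are made up for illustration.

```python
import re

# Constructed sample workflow (not taken from any real repository). It mixes a
# mutable tag, a branch name, and a full-SHA pin; the SHA is a placeholder value.
SAMPLE_WORKFLOW = """\
name: ci
on: [pull_request]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: tj-actions/changed-files@v45
      - uses: reviewdog/action-setup@master
      - uses: actions/setup-python@0b93645e9fea7318ecaed2b359559ac225c90a2b # v5.3.0
      - run: echo "no action here"
"""

# Capture the value of every `uses:` key, stopping at whitespace or a comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned_actions(workflow_text):
    """Return the `uses:` references that are not pinned to a full commit SHA.

    Local (`./path`) and container (`docker://...`) references are skipped
    because they are not resolved through GitHub's mutable tag/branch namespace.
    A reference with no `@` at all resolves to the default branch and is
    reported as unpinned.
    """
    unpinned = []
    for ref in USES_RE.findall(workflow_text):
        ref = ref.strip("'\"")
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            unpinned.append(ref)
            continue
        _, version = ref.rsplit("@", 1)
        if not FULL_SHA_RE.match(version):
            unpinned.append(ref)
    return unpinned


if __name__ == "__main__":
    for ref in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"unpinned action reference: {ref}")
```

Two caveats a practitioner should keep in mind. A SHA pin only helps if the pinned commit was reviewed before it was pinned, so the pin should be updated deliberately (and the trailing `# vX.Y.Z` comment kept in sync) rather than bumped blindly. And the pin covers only the top-level reference: a composite action pinned by SHA can still contain its own unpinned `uses:` lines, which is exactly the dependency path the reviewdog/action-setup entry above describes, so the same check should be applied to the action's own `action.yml` when you vendor or audit it.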


!exploitable Episode Three - Devfile Adventures
Post diving into the exploitation of CVE-2024-0402 in GitLab, impacting the GitLab Workspaces functionality.   #attack   #ci/cd


AWS CloudWatch log ingestion to Microsoft Sentinel
A solution using CloudWatch log subscription filters to stream logs through Kinesis Firehose into an S3 bucket, from which Microsoft Sentinel ingests them.   #aws   #azure   #monitor


Understanding Elevate Access mechanism, its implementation, and logs where activities are recorded
This article aims to provide a deeper technical understanding of the Elevate Access mechanism, including its underlying implementation, the specific logs where activities are recorded, when you DON'T need Elevate Access to get the same permissions, and the practical techniques attackers use to leverage it.   #azure   #explain   #iam

Tools


noseyparker
A command-line program that finds secrets and sensitive information in textual data and Git history.


recog
Pattern recognition for hosts, services, and content.


detection.studio
Convert Sigma rules to SIEM queries, directly in your browser.


poc-watermark
Generate Watermarked Images from Pseudorandom Codes.


markitdown
Python tool for converting files and office documents to Markdown.

From the cloud providers


#AWS   AWS KMS CloudWatch metrics help you better track and understand how your KMS keys are being used
Several use cases to help you better take advantage of the newly introduced CloudWatch metrics to manage your AWS KMS API usage and costs.


#AWS   Manage authorization within a containerized workload using Amazon Verified Permissions
Post exploring four patterns for integrating Verified Permissions into a containerized environment.


#GCP   Session Stealing in Seconds Using the Browser-in-the-Middle Technique
Mandiant has developed an internal tool (Delusion) for performing BitM attacks, enabling an operator to target a specific application without possessing prior knowledge about the authentication protocols employed by the application.


#GCP   Gemini in Workspace apps and the Gemini app are first to achieve FedRAMP High authorization
Gemini in Workspace apps and the Gemini app are the first generative AI assistants for productivity and collaboration suites to have achieved FedRAMP High authorization.


#GCP   Streamlined Security: Introducing Network Security Integration
Network Security Integration can help you integrate third-party network appliance or service deployments with your Google Cloud workloads.


#GCP   Protecting your APIs from OWASP's top 10 security threats
Google compared OWASP's top 10 API security threats list to the security capabilities of Apigee.

Sponsor CloudSecList in 2025

If you want to get your product in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, take a look at:
🔗 cloudseclist.com/sponsor

Business News

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini