Release Date: 06/04/2025 | Issue: 282
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

"We didn’t just patch things - we nuked the entire thing and rebuilt it"
In a new season of Tines’ Future of Security Operations podcast, Christofer Hoff, CSTO at LastPass, shares what it’s like to rebuild a security org from scratch - while navigating two major incidents. He also chats with host Thomas Kinsella about his approaches to tech debt, browser security, and AI adoption.

Listen now

This week's articles


MCP is the new interface for security tools
Security vendors are building official MCP servers because they see the value of making information and actions available to less technical users.   #defend   #process   #strategy


MCP Security Notification: Tool Poisoning Attacks
This vulnerability can lead to sensitive data exfiltration and unauthorized actions by AI models.   #attack   #supply-chain


IaC Ownership - Tag-based approach
The technical challenge of identifying ownership for NHIs created by IaC is much harder since the basic question of who is the owner of an IaC resource is much harder.   #iac   #terraform


How does Sendbird secure AWS?
How Sendbird matured its AWS security posture, empowering developers to deploy in a way that's both user-friendly and secure.   #aws   #defend   #strategy


ImageRunner: A Privilege Escalation Vulnerability Impacting GCP Cloud Run
The vulnerability could have allowed to abuse Google Cloud Run permissions in order to pull private Google Artifact Registry and Google Container Registry images in the same account.   #attack   #gcp


Invoking Misconfigured API Gateways from Any External AWS Accounts
Did you know a misconfigured private API Gateway can be invoked from any AWS account?   #attack   #aws


CPU_HU: Fileless cryptominer targeting exposed PostgreSQL with over 1.5K victims
Wiz Threat Research uncovers a stealthy cryptomining campaign exploiting weak PostgreSQL credentials.   #attack

Sponsor

What Insider Threats Actually Look Like - A Lesson from Rippling's Lawsuit
Join Ian Ahl, SVP of P0 Labs on April 10th as he combs through the Rippling lawsuit and demonstrates how security teams can better detect insider threat in their own environment. In this 45 minute webinar, you will learn:
  • How search logs can often show clear intent of threat actors
  • Why insider threats often strongly resemble attacks orchestrated by advanced threat actor groups
  • How security teams can better monitor for anomalous behavior in their own environments to detect insider threats early
Register Now

Tools


awscurl
Curl-like access to AWS resources with AWS Signature Version 4 request signing.


blackcat
A PowerShell module designed to validate the security of Microsoft Azure.


kubeip
Assign static public IPs to Kubernetes nodes (GKE, EKS).


awesome-mcp-servers
A collection of MCP servers.

From the cloud providers


#AWS   Planning for your IAM Roles Anywhere deployment
Before you start using IAM Roles Anywhere, it's important to plan how you'll integrate it with your PKI and with your applications running outside of AWS.


#AWS   Reduce triage time for security investigations with Amazon Detective visualizations and export data
New visualizations in Detective show the connections between entities related to multiple Amazon GuardDuty findings, and a new export data feature helps you use the data from Detective in your other tools and automated workflows.


#GCP   How to use custom Org Policies to enforce CIS benchmark for GKE
Google made implementing preventative controls easier with a custom Organization Policy library, which can apply controls to GKE and other Google Cloud services.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present CloudSecList · Marco Lancini