Release Date: 24/08/2025 | Issue: 302
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Free 'Autoswagger' Tool Finds the API Flaws Attackers Hope You Miss

The 2022 Optus breach exposed millions of records via a weak API. Today, Intruder still finds the same issues at major companies – some so simple your gran could exploit them. That’s why we built Autoswagger: a free, open-source tool that detects unauthenticated APIs leaking sensitive data – before attackers do.
See the real vulns our team found and get Autoswagger via GitHub to make sure you stay out of the headlines.

This week's articles


Scaling On-Prem Security at Palantir
How Palantir leverages Insight, Foundry, and Apollo to keep thousands of servers in check.   #defend   #strategy


Using AWS Certificate Manager as a covert exfiltration mechanism
This article demonstrates how AWS Certificate Manager can be abused as a data exfiltration channel: arbitrary data is packed into the X.509 nsComment (Netscape Comment) extension of an imported certificate, allowing up to 2MB per certificate.   #attack   #aws
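
Added example, not code from the article above: it builds a self-signed certificate whose nsComment extension carries a payload, serialises it to PEM (the form ACM imports), recovers the payload from the parsed certificate, and runs the defender-side check a practitioner would want, flagging any nsComment larger than a short human-written string. It assumes the `cryptography` package is installed; the OID, the size threshold and the sample payload are assumptions of this example.

```python
"""
Added example (not from the article): smuggle and recover a payload via the
X.509 Netscape Comment (nsComment) extension, and flag oversized comments.
Assumes the `cryptography` package is installed.
"""
import datetime
from typing import Optional

from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.x509.oid import NameOID, ObjectIdentifier

# OID of the Netscape Comment extension (netscape-cert-extension 13).
NS_COMMENT_OID = ObjectIdentifier("2.16.840.1.113730.1.13")
# Assumed threshold: real-world nsComment values are short operator notes.
SUSPICIOUS_COMMENT_LEN = 256


def _der_length(n: int) -> bytes:
    """DER length octets: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body


def encode_ia5string(data: bytes) -> bytes:
    """Wrap bytes as a DER IA5String (tag 0x16); payload should be ASCII (e.g. base64)."""
    return b"\x16" + _der_length(len(data)) + data


def decode_ia5string(der: bytes) -> bytes:
    """Inverse of encode_ia5string; rejects a wrong tag or inconsistent length."""
    if not der or der[0] != 0x16:
        raise ValueError("not an IA5String")
    first = der[1]
    if first < 0x80:
        length, offset = first, 2
    else:
        num = first & 0x7F
        length = int.from_bytes(der[2:2 + num], "big")
        offset = 2 + num
    if len(der) != offset + length:
        raise ValueError("trailing or missing bytes")
    return der[offset:offset + length]


def build_cert_with_comment(payload: bytes) -> x509.Certificate:
    """Self-signed certificate whose nsComment extension carries `payload`."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "exfil.example")])
    now = datetime.datetime.now(datetime.timezone.utc)
    return (
        x509.CertificateBuilder()
        .subject_name(name)
        .issuer_name(name)
        .public_key(key.public_key())
        .serial_number(x509.random_serial_number())
        .not_valid_before(now)
        .not_valid_after(now + datetime.timedelta(days=1))
        .add_extension(
            x509.UnrecognizedExtension(NS_COMMENT_OID, encode_ia5string(payload)),
            critical=False,
        )
        .sign(key, hashes.SHA256())
    )


def extract_comment(cert: x509.Certificate) -> Optional[bytes]:
    """Return the nsComment payload, or None when the extension is absent."""
    try:
        ext = cert.extensions.get_extension_for_oid(NS_COMMENT_OID)
    except x509.ExtensionNotFound:
        return None
    return decode_ia5string(ext.value.value)


def is_suspicious(cert: x509.Certificate) -> bool:
    """Defender-side check: an nsComment this large is not an operator note."""
    comment = extract_comment(cert)
    return comment is not None and len(comment) > SUSPICIOUS_COMMENT_LEN


def roundtrip(payload: bytes) -> Optional[bytes]:
    """Build, serialise to PEM (what ACM receives), parse back, recover payload."""
    pem = build_cert_with_comment(payload).public_bytes(serialization.Encoding.PEM)
    return extract_comment(x509.load_pem_x509_certificate(pem))


if __name__ == "__main__":
    # Constructed sample payload, not real credentials.
    secret = b"sample-secret-" + b"A" * 1024
    cert = build_cert_with_comment(secret)
    print("recovered:", roundtrip(secret) == secret, "flagged:", is_suspicious(cert))
```

The same `is_suspicious` check can be run over certificates exported from ACM or pulled from CloudTrail ImportCertificate activity; the threshold is the part to tune for your environment.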


Enumerating AWS the quiet way: CloudTrail-free discovery with Resource Explorer
Discover how attackers could quietly enumerate AWS resources via Resource Explorer, and how Datadog and AWS worked together to close the visibility gap.   #attack   #aws   #monitor


Zero-Day Clickjacking Vulnerabilities in Major Password Managers
At DEF CON 33 a security researcher disclosed a series of unpatched clickjacking vulnerabilities affecting the browser extensions of a wide range of password managers, including 1Password, Bitwarden, Dashlane, Enpass, iCloud Passwords, Keeper, LastPass, LogMeOnce, NordPass, Proton Pass, and RoboForm.   #attack   #saas


Another ECS Privilege Escalation Path
Post covering a privilege escalation vector that abuses functionality intended for the ECS agent: a compromised EC2 instance self-registers as a container instance and overrides a task definition.   #attack   #aws


GitHub Actions policy now supports blocking and SHA pinning actions
GitHub Actions policy adds blocking specific actions/versions and enforcing SHA pinning to limit exposure to compromised dependencies and strengthen supply chain security.   #announcement   #ci/cd
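
Added example, not code from GitHub's announcement: before turning on SHA-pinning enforcement it helps to know which workflows will break, so this script lists every `uses:` reference in a workflow and reports the ones that point at a tag or branch rather than a full 40-hex commit SHA. The workflow text, action names and SHA are constructed for the example; it uses only the standard library.

```python
"""
Added example (not from GitHub): find `uses:` references in a workflow that
are not pinned to a full commit SHA. Sample workflow is constructed inline.
"""
import re
from typing import List

# A `uses:` step reference: owner/repo[/path]@ref, optionally quoted, with an
# optional trailing "# vX.Y.Z" comment that is ignored.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*['\"]?([^\s'\"#]+)['\"]?")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

# Constructed sample workflow; the SHA below is a sample value, not a lookup.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # v5.0.0
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
      - name: Run
        uses: some-org/some-action@main
"""


def parse_uses(workflow_text: str) -> List[str]:
    """Every `uses:` reference in the workflow, in file order."""
    refs = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if m:
            refs.append(m.group(1))
    return refs


def classify(ref: str) -> str:
    """'local' for ./path actions, 'docker' for docker:// images, 'pinned' when
    the part after '@' is a full 40-hex SHA, otherwise 'unpinned' (tag/branch)."""
    if ref.startswith("./"):
        return "local"
    if ref.startswith("docker://"):
        return "docker"
    if "@" not in ref:
        return "unpinned"
    _, version = ref.rsplit("@", 1)
    return "pinned" if FULL_SHA_RE.match(version) else "unpinned"


def unpinned_actions(workflow_text: str) -> List[str]:
    """References that a SHA-pinning policy would reject."""
    return [r for r in parse_uses(workflow_text) if classify(r) == "unpinned"]


if __name__ == "__main__":
    for ref in unpinned_actions(SAMPLE_WORKFLOW):
        print("not SHA-pinned:", ref)
```

Run it over `.github/workflows/*.yml` across the organisation's repositories to size the migration; local (`./`) actions are not subject to pinning and are reported separately.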


Terraform Cloud token abuse turns speculative plan into remote code execution
Speculative plans can run code on runners and expose cloud credentials. Learn how tokens are abused and how to lock this down with policy and dynamic credentials.   #attack   #terraform

Tools


yaraast
A powerful Python library and CLI tool for parsing, analyzing, and manipulating YARA rules through Abstract Syntax Tree (AST) representation.


tfclean
tfclean is a tool that removes moved blocks, import blocks, and similar one-shot blocks from Terraform code once they have been applied.


auth0-customer-detections
This repository contains a collection of detection rules for security monitoring of Auth0 environments.


Certipy
Tool for Active Directory Certificate Services enumeration and abuse.

From the cloud providers


#AWS   AWS IAM Identity Center introduces support for user background sessions with Amazon SageMaker Studio
AWS IAM Identity Center introduces support for user background sessions, a new feature that allows Amazon SageMaker Studio users to start long-running jobs that keep running in the background after the user logs off from their computer.


#GCP   From silos to synergy: New Compliance Manager, now in preview
Google Cloud Compliance Manager, now in preview, can help simplify and enhance how organizations manage security, privacy, and compliance in the cloud.


#GCP   IP address management made easy: Announcing auto IPAM for GKE clusters
Google Kubernetes Engine now offers Auto-IPAM, to simplify IP Address Management (IPAM) and improve IP efficiency for your GKE clusters.


#GCP   Now available: Cloud HSM as an encryption key service for Workspace client-side encryption
To help highly-regulated organizations meet their encryption key service obligation, Google is now offering Cloud HSM for Google Workspace CSE customers.


#GCP   Beyond guardrails: A taxonomy of platform engineering control mechanisms
Learn how to control the platform engineering application lifecycle with golden paths, guardrails, safety nets, and manual checkpoints and reviews.


#GCP   Going beyond basic data security with Google Cloud DSPM
Google Cloud DSPM provides end-to-end governance for data security, privacy, and compliance. Here's how it can help you.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini