Release Date: 02/11/2025 | Issue: 312
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
Sponsor

Chainguard

Vulnerability management has long been reactive. Detect a CVE, apply a patch, and repeat. Chainguard takes a different approach: eliminate CVEs from the start. With 1,700+ images rebuilt from source daily, a 7-day CVE remediation SLA, and verified SBOMs and provenance, Chainguard helps organizations move from reactive patching to proactive integrity—giving them a secure-by-default foundation from the start.

images.chainguard.dev

This week's articles


Visibility at Scale: How Figma Detects Sensitive Data Exposure
Figma built Response Sampling, a real-time monitoring system that samples API responses to detect sensitive data exposure. It validates access permissions asynchronously, catches authorization bugs in staging and production, and integrates with their FigTag data categorization system to protect all sensitive fields.   #monitor   #saas   #strategy


Decrypting VM Extension Settings with Azure WireServer
A method for decrypting Azure VM extension protected settings by interacting directly with the Azure WireServer service, bypassing the need to access local files.   #azure   #attack


Vietnamese Actors Using Fake Job Posting Campaigns to Deliver Malware and Steal Credentials
Vietnamese threat actors (UNC6229) use fake job postings on legitimate platforms targeting digital advertising workers. They deliver malware or phishing kits to steal credentials and hijack high-value corporate advertising accounts for monetization.   #attack


Querying Terraform state with AWS Athena
How to use AWS Athena to query Terraform state files stored in S3, enabling SQL queries across organizational infrastructure resources.   #aws   #terraform   #iac


From Path Traversal to Supply Chain Compromise: Breaking MCP Server Hosting
A path traversal vulnerability in Smithery.ai that compromised over 3,000 MCP servers and exposed thousands of API keys. Here's how a single Docker build bug nearly triggered one of the largest AI supply chain attacks to date.   #attack   #supply-chain   #containers   #ai   #saas


Vulnerabilities in LUKS2 disk encryption for confidential VMs
Trail of Bits is disclosing vulnerabilities in confidential computing systems that use LUKS2 for disk encryption. These vulnerabilities allow attackers with access to storage disks to extract confidential data and modify contents.   #attack   #gcp   #aws   #azure


Advancing Our Chef Infrastructure: Safety Without Disruption
Slack's engineering team has enhanced its Chef infrastructure to improve deployment safety and reliability without causing disruption to service owners. Instead of a complex migration to Chef Policyfiles, they focused on practical improvements to their existing EC2 and Chef frameworks.   #aws   #ci/cd   #iac   #strategy

Sponsor CloudSecList in 2026

Want to reach cloud security decision-makers at companies that matter?

CloudSecList subscribers at Apple, Google, Amazon, Microsoft, and 100+ top companies specifically chose this newsletter for cloud security content. Engineers running POCs. Architects writing RFPs. Security leaders with budget authority.

Now booking 2026: 🔗 cloudseclist.com/sponsor

Tools


Termix
A web-based server management platform with SSH terminal, tunneling, and file editing capabilities.


mcp-scanner
Scan MCP Servers for vulnerabilities.


proximity
An MCP security scanner powered by NOVA.


nydus
The Dragonfly image service, providing fast, secure and easy access to container images.


SockTail
Lightweight binary that joins a device to a Tailscale network and exposes a local SOCKS5 proxy. Designed for red team operations and ephemeral access into restricted environments using Tailscale's embedded client.

From the cloud providers


#AWS   Centralized Logs for AWS CloudFormation StackSets
This post demonstrates centralizing CloudFormation StackSets logs from multiple AWS accounts into a management account using EventBridge and CloudWatch Logs, enabling unified monitoring and troubleshooting of multi-account deployments through automated event forwarding and consolidated logging infrastructure.


#GCP   Announcing docs.cloud.google.com
A new, dedicated home for all Google Cloud technical documentation at https://docs.cloud.google.com.


#GCP   A practical guide to Google Cloud's Parameter Manager
Google Cloud Parameter Manager is designed to reduce unnecessary sharing of key cloud configurations, and it works with many types of data formats.


#GCP   A Defender's Guide to Privileged Account Monitoring
Recommendations and insights into preventing, detecting, and responding to intrusions targeting privileged accounts.

Business News

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini