Release Date: 12/04/2020 | Issue: 32
The Cloud Security Reading List is a low volume mailing list (once per week) that highlights security-related news focused on the cloud native landscape,
hand curated by Marco Lancini.

This week's articles


Threat Alert: Kinsing Malware Attacks Targeting Container Environments
The Aqua Security team has been tracking an organized campaign that targets misconfigured Docker daemon API ports exposed to the internet. The attackers use the unauthenticated API to run an Ubuntu container carrying the Kinsing malware, which in turn launches a cryptominer and then attempts to spread to other containers and hosts.
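The entry point for this campaign is a Docker daemon that answers its remote API on a TCP port with no TLS client authentication. The following is an added example, not code from the Aqua writeup: a small audit of `daemon.json` that flags exactly that configuration. The two sample configurations are constructed for illustration.

```python
"""Audit Docker's daemon.json for a remote API reachable over plain TCP.

Added example, not from the Aqua writeup. The campaign above needs a Docker
daemon that answers its API on a TCP port without TLS client authentication;
this function flags that configuration. Both configs are constructed.
"""
import json
from typing import List
from urllib.parse import urlsplit

# Constructed sample configs (not taken from any real host).
WEAK_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2375"],
})
HARDENED_CONFIG = json.dumps({
    "hosts": ["unix:///var/run/docker.sock", "tcp://0.0.0.0:2376"],
    "tlsverify": True,
    "tlscacert": "/etc/docker/ca.pem",
    "tlscert": "/etc/docker/server-cert.pem",
    "tlskey": "/etc/docker/server-key.pem",
})


def audit_daemon_config(config_text: str) -> List[str]:
    """Return one finding per TCP listener that is not protected by mutual TLS.

    An empty list means the daemon only listens on local sockets, or every
    TCP listener requires a client certificate signed by the configured CA.
    """
    cfg = json.loads(config_text)
    tls_verify = bool(cfg.get("tlsverify", False))
    tls_material_complete = all(cfg.get(k) for k in ("tlscacert", "tlscert", "tlskey"))
    findings = []
    for host in cfg.get("hosts", []):
        parts = urlsplit(host)
        if parts.scheme != "tcp":
            continue  # unix:// and fd:// listeners are not reachable over the network
        bind_addr = parts.hostname or ""
        where = " on all interfaces" if bind_addr in ("", "0.0.0.0", "::") else ""
        if not tls_verify:
            findings.append(f"{host}: remote API without TLS client verification{where}")
        elif not tls_material_complete:
            findings.append(f"{host}: tlsverify set but tlscacert/tlscert/tlskey incomplete")
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label, audit_daemon_config(cfg) or "no findings")
```

One caveat: this only reads `daemon.json`. The other common way to expose the API is a `-H tcp://...` flag in the dockerd systemd unit, so a real audit should inspect the running process's command line as well, and a network scan of port 2375 from outside the host is the test the attackers themselves are running.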


Controlling outbound traffic from Kubernetes
Blog post from Monzo explaining how they locked down egress traffic from their Kubernetes clusters using Envoy and CoreDNS.


Be careful when pulling images by short name
Most users know by now that container images should only be pulled from a trusted source. You can still be compromised, however, if you do not use the image's fully qualified name: pulling by short name leaves you open to a form of attack called image squatting, where an attacker publishes an image under the name you meant to pull on a registry your tooling consults first.
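To see what a short name actually turns into, here is an added example (not code from the article above) that applies Docker's own reference-normalization rules: a leading path component is treated as a registry only if it contains a `.` or `:` or is exactly `localhost`, official images are placed under `docker.io/library/`, and `:latest` is assumed when neither a tag nor a digest is given. Podman and CRI-O instead walk a configurable list of search registries for unqualified names, which is what makes squatting practical; either way, `is_fully_qualified` is the policy check to apply before a pull.

```python
"""Expand container image references the way Docker does.

Added example, not from the article above. Implements Docker's short-name
rules (registry detection, the implicit docker.io/library namespace and the
:latest default tag) so you can see what a bare name resolves to and reject
references that do not name their registry.
"""
from typing import Tuple

DEFAULT_DOMAIN = "docker.io"
LEGACY_DEFAULT_DOMAIN = "index.docker.io"
OFFICIAL_NAMESPACE = "library"
DEFAULT_TAG = "latest"


def split_domain(name: str) -> Tuple[str, str]:
    """Split 'registry/rest' off a reference; the domain is '' if none is given.

    A leading path component counts as a registry only if it contains a '.'
    or ':' or is exactly 'localhost'; that is why 'myuser/ubuntu' still goes
    to docker.io.
    """
    slash = name.find("/")
    first = name[:slash] if slash != -1 else ""
    if slash == -1 or ("." not in first and ":" not in first and first != "localhost"):
        return "", name
    return first, name[slash + 1:]


def is_fully_qualified(ref: str) -> bool:
    """True if the reference names its registry explicitly."""
    return split_domain(ref)[0] != ""


def normalize(ref: str) -> str:
    """Return the fully qualified form: domain/path[:tag][@digest]."""
    name, _, digest = ref.partition("@")
    domain, remainder = split_domain(name)
    if domain in ("", LEGACY_DEFAULT_DOMAIN):
        domain = DEFAULT_DOMAIN
    # A tag is the part after the last ':' that comes after the last '/'
    # (so 'localhost:5000/app' is not mistaken for a tag of '5000/app').
    path, tag = remainder, ""
    last_slash, last_colon = remainder.rfind("/"), remainder.rfind(":")
    if last_colon > last_slash:
        path, tag = remainder[:last_colon], remainder[last_colon + 1:]
    if domain == DEFAULT_DOMAIN and "/" not in path:
        path = f"{OFFICIAL_NAMESPACE}/{path}"  # official images live under library/
    out = f"{domain}/{path}"
    if tag:
        out += f":{tag}"
    elif not digest:
        out += f":{DEFAULT_TAG}"  # no tag and no digest: Docker assumes :latest
    if digest:
        out += f"@{digest}"
    return out


if __name__ == "__main__":
    for ref in ("ubuntu", "ubuntu:20.04", "myuser/ubuntu", "localhost:5000/ubuntu",
                "registry.example.com/team/ubuntu@sha256:" + "a" * 64):
        print(f"{ref!r:55} -> {normalize(ref)}  (qualified: {is_fully_qualified(ref)})")
```

In a CI gate or admission controller, reject anything for which `is_fully_qualified` is false and, better still, anything without a digest, since a tag can be re-pointed by whoever controls the repository.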


Everything We Learned Running Istio In Production
Lessons learned from the HelloFresh team on running Istio in production.


Finding SSRF via HTML Injection inside a PDF file on AWS EC2
How a stored HTML injection vulnerability in a PDF-generating feature was escalated into a full Server-Side Request Forgery (SSRF) against an AWS EC2 instance.


Vault Transform: Protecting Secrets in External Systems
Transform is a Secrets Engine that allows Vault to encode and decode sensitive values residing in external systems such as databases or file systems. This lets Vault ensure that when the system holding an encoded secret is compromised, for example when a database is breached and its data is exfiltrated, the encoded secrets remain protected even in the adversary's hands.


k8s-observability-with-eck
Collect logs, metrics, and APM data from a Kubernetes environment, then store, analyze, and visualize the results in Elastic Cloud on Kubernetes (ECK), which provides a Kubernetes Operator to deploy and manage Elasticsearch and Kibana in-cluster.


panther
A cloud-native SIEM for analyzing logs in real time and identifying suspicious activity that could indicate a breach. Panther also lets you identify misconfigurations, achieve compliance, and model security best practices as code.


ThreatMapper
Identify vulnerabilities in running containers, images, hosts and repositories.


How we abused Slack's TURN servers to gain access to internal services
Slack's TURN server allowed relaying of TCP connections and UDP packets to Slack's internal network and to the AWS instance metadata service.
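The PDF SSRF above and this TURN abuse end at the same place: a server-side component (a renderer fetching an injected URL, a relay forwarding to a peer address) is talked into reaching an address that is only meaningful inside the cloud network, the instance metadata service at 169.254.169.254 being the usual prize. The following added example (not code from either writeup) is the destination check both components should apply; the DNS table in it is constructed so that it runs offline, and the real resolver is left in for production use.

```python
"""Refuse fetches and relays to internal and link-local addresses.

Added example, not from either writeup above. The resolver table is
constructed so the example runs offline; resolve_hostname is the real one.
"""
import ipaddress
import socket
from typing import Callable, List
from urllib.parse import urlsplit

BLOCKED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8",                       # "this host" and loopback
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",  # RFC 1918
    "100.64.0.0/10",                                  # carrier-grade NAT, used inside some VPCs
    "169.254.0.0/16",                                 # link-local, includes AWS IMDS 169.254.169.254
    "::1/128", "fc00::/7", "fe80::/10",               # IPv6 loopback, ULA, link-local
    "fd00:ec2::254/128",                              # IPv6 address of the AWS IMDS
)]


def is_internal_address(ip_text: str) -> bool:
    """True for any address a web fetcher or TURN relay should never reach."""
    ip = ipaddress.ip_address(ip_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:10.0.0.5 is really 10.0.0.5
    return any(ip in net for net in BLOCKED_NETWORKS)


def resolve_hostname(host: str) -> List[str]:
    """Default resolver; returns every address the name maps to."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_allowed_fetch_url(url: str,
                         resolve: Callable[[str], List[str]] = resolve_hostname) -> bool:
    """Decide whether a server-side fetch of `url` is safe to perform.

    Every address the host resolves to must be external; a name that resolves
    to nothing is rejected as well.
    """
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return False  # file://, gopher://, data: and friends are never fetched
    host = parts.hostname
    try:
        ipaddress.ip_address(host)
        addrs = [host]  # IP literal, including [::1] or ::ffff:... forms
    except ValueError:
        addrs = resolve(host)
    return bool(addrs) and not any(is_internal_address(a) for a in addrs)


def is_allowed_relay_peer(ip_text: str, port: int) -> bool:
    """TURN permission check: the peer must be an external address on a usable port."""
    if not 1 <= port <= 65535:
        return False
    try:
        return not is_internal_address(ip_text)
    except ValueError:
        return False  # not an IP address at all


# Constructed DNS table so the example runs offline (not real records).
FAKE_DNS = {
    "www.example.com": ["93.184.216.34"],
    "metadata.internal.example": ["169.254.169.254"],
    "dual.internal.example": ["93.184.216.34", "10.0.0.5"],
}


def fake_resolve(host: str) -> List[str]:
    return FAKE_DNS.get(host, [])


if __name__ == "__main__":
    for u in ("https://www.example.com/report.html",
              "http://169.254.169.254/latest/meta-data/",
              "http://metadata.internal.example/",
              "http://dual.internal.example/",
              "file:///etc/passwd"):
        print(f"{u:50} allowed={is_allowed_fetch_url(u, fake_resolve)}")
    print("relay to 10.0.0.5:443 ->", is_allowed_relay_peer("10.0.0.5", 443))
```

Two caveats a practitioner will want. First, checking the name once and then letting an HTTP library resolve it again is open to DNS rebinding and to redirects: pin the checked address for the actual connection and re-run the check on every redirect hop. Second, for TURN specifically the same policy is expressible in coturn's configuration with `denied-peer-ip=` / `allowed-peer-ip=`, which is preferable to enforcing it in application code.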


Kubernetes Authorization
Introductory article discussing Role-Based Access Control (RBAC) and how you can use it to secure your cluster.
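As an added example (not code from the article above), here is an offline evaluator for RBAC rules together with a small least-privilege audit built on it. `role_allows` mirrors how the API server matches a `PolicyRule` (the `*` wildcard, exact resource names, and `*/subresource` forms); `audit_role` uses it to flag wildcard grants and the handful of permissions that amount to cluster takeover. Both manifests are constructed.

```python
"""Evaluate and audit Kubernetes RBAC rules offline.

Added example, not from the article above. role_allows applies the matching
rules the API server uses for PolicyRules; audit_role flags the permissions a
least-privilege review usually objects to. Both manifests are constructed.
"""
from typing import Dict, List

# Constructed manifests (plain dicts, the same shape as the YAML).
OVERBROAD_ROLE: Dict = {
    "kind": "ClusterRole",
    "metadata": {"name": "ops-everything"},
    "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}],
}
SCOPED_ROLE: Dict = {
    "kind": "Role",
    "metadata": {"name": "pod-reader", "namespace": "payments"},
    "rules": [{"apiGroups": [""], "resources": ["pods", "pods/log"],
               "verbs": ["get", "list", "watch"]}],
}

# (apiGroup, resource, verbs) combinations that usually amount to cluster takeover.
SENSITIVE = [
    ("", "secrets", ["get", "list", "watch"]),   # read every secret in scope
    ("", "pods/exec", ["create"]),               # shell into any pod
    ("", "serviceaccounts/token", ["create"]),   # mint tokens for other identities
    ("rbac.authorization.k8s.io", "clusterrolebindings", ["create", "update", "patch"]),
    ("rbac.authorization.k8s.io", "clusterroles", ["bind", "escalate"]),
]


def _resource_matches(listed: List[str], resource: str) -> bool:
    """Mirror the API server: '*', exact match, or '*/sub' for a subresource request."""
    _, _, subresource = resource.partition("/")
    for item in listed:
        if item == "*" or item == resource:
            return True
        if subresource and item == f"*/{subresource}":
            return True
    return False


def rule_allows(rule: Dict, api_group: str, resource: str, verb: str) -> bool:
    groups, verbs = rule.get("apiGroups", []), rule.get("verbs", [])
    return (("*" in groups or api_group in groups)
            and _resource_matches(rule.get("resources", []), resource)
            and ("*" in verbs or verb in verbs))


def role_allows(role: Dict, api_group: str, resource: str, verb: str) -> bool:
    """True if any rule in the Role/ClusterRole grants the request."""
    return any(rule_allows(r, api_group, resource, verb) for r in role.get("rules", []))


def audit_role(role: Dict) -> List[str]:
    """Return human-readable findings; an empty list means nothing stood out."""
    name = role["metadata"]["name"]
    findings = []
    for i, rule in enumerate(role.get("rules", [])):
        if "*" in rule.get("verbs", []) and "*" in rule.get("resources", []):
            findings.append(f"{name} rule {i}: wildcard verbs on wildcard resources (cluster-admin equivalent)")
        elif "*" in rule.get("verbs", []):
            findings.append(f"{name} rule {i}: wildcard verbs on {rule.get('resources')}")
    for group, resource, verbs in SENSITIVE:
        for verb in verbs:
            if role_allows(role, group, resource, verb):
                findings.append(f"{name}: can {verb} {resource}")
                break  # one finding per sensitive resource is enough
    return findings


if __name__ == "__main__":
    for role in (OVERBROAD_ROLE, SCOPED_ROLE):
        print(role["metadata"]["name"], audit_role(role) or "no findings")
```

The evaluator deliberately ignores `resourceNames` and `nonResourceURLs`, and a Role's effective reach still depends on the bindings that attach it to subjects; for a live cluster, `kubectl auth can-i --list --as=<subject>` answers the same question with the real bindings applied.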


HashiCorp Vault Announces Integrated Storage General Availability
HashiCorp announced the general availability of the Integrated Storage backend for Vault, now supported for production workloads. Integrated Storage (built on the Raft consensus protocol) keeps Vault's data inside Vault itself and eliminates the need to run and secure a separate storage backend such as Consul.

From the cloud providers


Amazon Elastic Container Service now supports Amazon EFS file systems
Containers running on both ECS (EC2 launch type) and AWS Fargate can now mount Amazon Elastic File System (EFS) file systems.

Copyright © 2019-present The Cloud Security Reading List.