Release Date: 12/04/2020 | Issue: 32
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.


This week's articles

Threat Alert: Kinsing Malware Attacks Targeting Container Environments
The Aqua Security team has been tracking an organized attack campaign that targets Docker daemons whose API port is misconfigured and exposed to the internet. The attackers use the exposed API to run an Ubuntu container carrying the Kinsing malware, which in turn runs a cryptominer and then attempts to spread to other containers and hosts.

Controlling outbound traffic from Kubernetes
Blog post from Monzo which explains how they managed to lock down egress traffic from Kubernetes using Envoy and CoreDNS.

Be careful when pulling images by short name
Most users today understand that they should pull container images only from a trusted source. You can still be compromised, though, if you don't use the fully qualified name of the image: when you pull by a short name, the client rather than you decides which registry to try, and that opens the door to an attack known as image squatting.
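To make the short-name problem concrete, here is an added example (not code from the linked article) that applies the rule Docker and Podman share when parsing a reference: the first path component names a registry only if it contains a `.` or a `:` or is exactly `localhost`; anything else is a short name whose registry is chosen by the client (docker.io for Docker, the unqualified-search-registries list for Podman). The manifest and image names below are constructed for the example.

```python
"""Flag container image references that are not fully qualified.

Added example, not code from the linked article. A reference is treated as
fully qualified only when its first path component contains '.' or ':' or is
'localhost'; everything else is a short name whose registry the client picks,
which is exactly what image squatting abuses.
"""
import re

DEFAULT_REGISTRY = "docker.io"   # where Docker sends every short name


def split_reference(ref):
    """Return (registry, repository, tag, digest); registry is None for short names."""
    digest = None
    if "@" in ref:
        ref, digest = ref.split("@", 1)
    # A tag is a ':' after the last '/', so a registry port is never mistaken for one.
    name, tag = ref, None
    colon, last_slash = ref.rfind(":"), ref.rfind("/")
    if colon > last_slash:
        name, tag = ref[:colon], ref[colon + 1:]
    first, sep, rest = name.partition("/")
    if sep and ("." in first or ":" in first or first == "localhost"):
        return first, rest, tag, digest
    return None, name, tag, digest


def is_fully_qualified(ref):
    return split_reference(ref)[0] is not None


def docker_resolution(ref):
    """The registry/repository Docker actually pulls for a reference.

    Short names always go to docker.io; a bare name such as 'redis' lands in the
    'library' namespace, while 'acme/ubuntu' is whatever the docker.io user
    'acme' pushed there, squatted or not.
    """
    registry, repo, _tag, _digest = split_reference(ref)
    if registry is None:
        registry = DEFAULT_REGISTRY
        if "/" not in repo:
            repo = "library/" + repo
    return f"{registry}/{repo}"


IMAGE_LINE = re.compile(r"""^\s*(?:-\s*)?image:\s*['"]?([^\s'"]+)""")


def unqualified_images(manifest_text):
    """CI gate: every 'image:' value in a Kubernetes or Compose manifest that is a short name."""
    found = []
    for line in manifest_text.splitlines():
        m = IMAGE_LINE.match(line)
        if m and not is_fully_qualified(m.group(1)):
            found.append(m.group(1))
    return found


# Constructed sample manifest for the example; the image names are illustrative.
SAMPLE_MANIFEST = """
spec:
  containers:
  - name: app
    image: acme/ubuntu:20.04
  - name: sidecar
    image: quay.io/acme/sidecar@sha256:0123456789abcdef
  - name: cache
    image: redis
  - name: local
    image: localhost:5000/cache:7
"""

if __name__ == "__main__":
    for ref in unqualified_images(SAMPLE_MANIFEST):
        print(f"{ref!r} is a short name; Docker would pull {docker_resolution(ref)}")
```

Running the gate on the sample manifest flags `acme/ubuntu:20.04` and `redis`; the other two name a registry explicitly and are accepted.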

Everything We Learned Running Istio In Production
Lessons learned from the HelloFresh team on running Istio in production.

Finding SSRF via HTML Injection inside a PDF file on AWS EC2
How a stored HTML injection vulnerability was escalated into a full Server-Side Request Forgery (SSRF) against an AWS EC2 instance.

Vault Transform: Protecting Secrets in External Systems
Transform is a Secrets Engine that lets Vault encode and decode sensitive values that live in external systems such as databases or file systems. The aim is that when the system holding an encoded value is compromised, for example when a database is breached and its data exfiltrated, the encoded secrets remain useless to the adversary holding them.

Collect logs, metrics, and APM data from a Kubernetes environment, and store, analyze, and visualize the resulting information in Elastic Cloud on Kubernetes, which provides a Kubernetes Operator to deploy and manage Elasticsearch and Kibana in k8s.

A cloud-native SIEM for analyzing logs in real time and identifying suspicious activity that could indicate a breach. Panther also lets you identify misconfigurations, achieve compliance, and model security best practices in code.

Identify vulnerabilities in running containers, images, hosts and repositories.

How we abused Slack's TURN servers to gain access to internal services
Slack's TURN server allowed relaying of TCP connections and UDP packets to internal Slack network and meta-data services on AWS.
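The PDF-to-SSRF write-up above and the Slack TURN write-up both end at the same place: a service that fetches or relays on behalf of a user reaches an address it should never reach, the EC2 metadata service at 169.254.169.254 in particular. The following added example (not code from either write-up) is one check that serves both: it refuses link-local, private, loopback and multicast destinations, unwraps IPv4-mapped IPv6 literals, and fails closed on unknown hosts. Hostnames are resolved through a constructed table (`FAKE_DNS`) instead of real DNS so the example runs offline; the host names, the injected HTML and the peer addresses are all constructed.

```python
"""Refuse connections to internal and cloud-metadata addresses.

Added example, not code from either linked write-up. One check serves both
stories: a PDF renderer must not follow an injected src= to the EC2 metadata
service, and a TURN relay must not forward packets to peers on the internal
network or that same metadata address. Hostnames are resolved through a small
constructed table (FAKE_DNS) instead of real DNS so the example runs offline.
"""
import ipaddress
import re
from urllib.parse import urlparse

DENIED_NETWORKS = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "100.64.0.0/10", "127.0.0.0/8",
    "169.254.0.0/16",        # link-local; 169.254.169.254 is the EC2 metadata service
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4",
    "::1/128", "fc00::/7", "fe80::/10", "ff00::/8",
)]

# Constructed resolver table standing in for DNS; the names are illustrative.
FAKE_DNS = {
    "cdn.example.com": "93.184.216.34",
    "metadata.attacker.test": "169.254.169.254",   # attacker-controlled record pointing at the metadata IP
    "billing.internal": "10.0.3.7",
}


def is_internal(addr):
    """True if an IP literal falls in a range the service must never reach (unparseable counts as internal)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return True
    if isinstance(ip, ipaddress.IPv6Address) and ip.ipv4_mapped:
        ip = ip.ipv4_mapped                 # ::ffff:169.254.169.254 is still 169.254.169.254
    return any(ip in net for net in DENIED_NETWORKS)


def resolve(host, table):
    """Resolve a hostname or IP literal via the constructed table; None if unknown (fail closed)."""
    if host in table:
        return table[host]
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        return None


def fetch_target(url, table=FAKE_DNS):
    """IP the renderer may connect to for url, or None if the fetch must be refused.

    The caller must connect to the returned address rather than re-resolving the
    hostname, or a DNS-rebinding attacker gets a second answer that bypasses the check.
    """
    parts = urlparse(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        return None                          # file://, gopher://, etc. are never fetched
    addr = resolve(parts.hostname, table)
    if addr is None or is_internal(addr):
        return None
    return addr


SRC_ATTR = re.compile(r"""\bsrc\s*=\s*["']([^"']+)["']""", re.IGNORECASE)


def blocked_fetches(html, table=FAKE_DNS):
    """src= URLs in rendered HTML that the PDF generator must not follow."""
    return [u for u in SRC_ATTR.findall(html) if fetch_target(u, table) is None]


def relay_allowed(peer_ip):
    """TURN side: whether a relayed packet may be sent to this peer address."""
    return not is_internal(peer_ip)


# Constructed stored-HTML-injection payload of the kind that turns a PDF export into SSRF.
INJECTED_HTML = (
    '<p>Invoice for <b>acme</b></p>'
    '<img src="https://cdn.example.com/logo.png">'
    '<iframe src="http://169.254.169.254/latest/meta-data/iam/security-credentials/"></iframe>'
    '<img src="http://metadata.attacker.test/latest/meta-data/">'
)

if __name__ == "__main__":
    for url in blocked_fetches(INJECTED_HTML):
        print("refused:", url)
    print("relay to 10.0.3.7 allowed:", relay_allowed("10.0.3.7"))
```

The same ranges can be expressed declaratively on a TURN server; coturn's `denied-peer-ip` option is the usual place, and `no-loopback-peers` and `no-multicast-peers` cover two of the ranges on their own. Whichever side enforces it, the check belongs on the resolved address that is actually dialed, not on the hostname in the request.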

Kubernetes Authorization
Introductory article discussing Role-Based Access Control (RBAC) and how you can use it to secure your cluster.
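As an added example to go with the RBAC article (not code from it), here is a small lint that applies the checks a reviewer runs by hand over a Role or ClusterRole: wildcards, read access to secrets, exec or attach into pods, and the verbs that let a subject grant itself more rights (`escalate`, `bind`, `impersonate`, minting service-account tokens). The roles are constructed dicts in the shape `kubectl get role -o json` returns; apiGroups are deliberately ignored, which errs on the side of a false positive.

```python
"""Lint Kubernetes RBAC rules for permissions that hand out more than intended.

Added example, not code from the linked article. The roles below are
constructed; the (resource, verb) pairs in RISKY are ones that amount to
cluster-wide trust regardless of what the role is called.
"""

RISKY = {
    ("secrets", "get"), ("secrets", "list"), ("secrets", "watch"),
    ("pods/exec", "create"), ("pods/attach", "create"),
    ("roles", "escalate"), ("clusterroles", "escalate"),
    ("roles", "bind"), ("clusterroles", "bind"),
    ("users", "impersonate"), ("groups", "impersonate"),
    ("serviceaccounts", "impersonate"),
    ("serviceaccounts/token", "create"),
}


def rule_findings(rule):
    """Findings for one PolicyRule; empty list if it looks least-privilege."""
    verbs = set(rule.get("verbs", []))
    resources = set(rule.get("resources", []))
    findings = set()
    if "*" in verbs or "*" in resources:
        findings.add("wildcard")
    for resource, verb in RISKY:
        # a '*' on either side matches the risky pair as well
        if ({resource, "*"} & resources) and ({verb, "*"} & verbs):
            findings.add(f"{verb} {resource}")
    return sorted(findings)


def audit(role):
    """Map rule index -> findings for every rule in a Role/ClusterRole that needs attention."""
    out = {}
    for i, rule in enumerate(role.get("rules", [])):
        findings = rule_findings(rule)
        if findings:
            out[i] = findings
    return out


# Constructed roles for the example.
WIDE_OPEN = {"kind": "ClusterRole", "metadata": {"name": "ops-admin"},
             "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["*"]}]}

READS_SECRETS = {"kind": "Role", "metadata": {"name": "app-reader"},
                 "rules": [{"apiGroups": [""], "resources": ["configmaps", "secrets"],
                            "verbs": ["get", "list"]}]}

LEAST_PRIVILEGE = {"kind": "Role", "metadata": {"name": "cm-reader"},
                   "rules": [{"apiGroups": [""], "resources": ["configmaps"],
                              "verbs": ["get", "list"]}]}

if __name__ == "__main__":
    for role in (WIDE_OPEN, READS_SECRETS, LEAST_PRIVILEGE):
        print(role["metadata"]["name"], audit(role) or "ok")
```

`app-reader` looks harmless until you notice that `get` and `list` on `secrets` let anyone bound to it read every secret in the namespace; the lint reports exactly those two pairs, while `cm-reader` comes back clean.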

HashiCorp Vault Announces Integrated Storage General Availability
HashiCorp announced the general availability of the Integrated Storage backend for Vault with support for production workloads. Integrated Storage exists as a purely Vault internal storage option and eliminates the need to manage a separate storage backend.

From the cloud providers

Amazon Elastic Container Service now supports Amazon EFS file systems
Containers running on both Amazon ECS and AWS Fargate can now mount Amazon Elastic File System (EFS) file systems.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues!

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!



© 2019-present, CloudSecList by Marco Lancini.