This week's articles
Identity and Access Management Whitepaper
CNCF TAG Security released an IAM whitepaper targeting architects and platform engineers, covering zero-trust vs. perimeter models, PEP/PDP-based authorization, SPIFFE workload identity, and authentication patterns for stateful and stateless cloud native workloads.
Securing CI/CD in an agentic world: Claude Code Github action case
Microsoft Threat Intelligence identified a prompt injection pathway in Claude Code GitHub Action that allowed access to workflow secrets under specific conditions. This research examines the attack chain, responsible disclosure process, Anthropic's mitigation, and guidance for securing AI-powered CI/CD workflows.
Entra Agent ID: The blueprint blast radius
Entra Agent ID is an extension of Entra's application model that provides identities for AI agents. Unlike applications, the agent identity model allows linking a single app registration (blueprint) to multiple identities and their associated privileges, increasing the potential blast radius of a compromised agent.
|
|
Tools
docker-mailserver
Production-ready fullstack but simple mail server (SMTP, IMAP, LDAP, Antispam, Antivirus, etc.) running inside a container.
warpgate
Fully transparent SSH, HTTPS, Kubernetes, MySQL and Postgres bastion/PAM that doesn't need additional client-side software.
local-cloud-browser
Mac-Native AWS GUI, enables you to perform some fundamental actions without a CLI mess.
EvidenceForge
Generate realistic synthetic security logs for cybersecurity threat hunting training and research.
visa-vulnerability-agentic-harness
Visa's open-source agentic SAST pipeline using frontier AI models for autonomous vulnerability discovery, with multi-agent voting, threat modeling, and SARIF output.
|
|
From the cloud providers
#AWS
Operationalizing AWS security: A maturity roadmap
A six-phase maturity roadmap for operationalizing AWS Security Hub and GuardDuty: assess current state, reduce alert noise via tuning, build tiered notification routing, implement automated remediation for high-confidence findings, establish recurring review cadences with metrics, then expand with Inspector, Macie, Security Lake, and preventive controls.
|
|
Thanks for reading!
|
If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐ If you have questions, comments, or feedback, let me know on Twitter ( @lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco
|
|
|