This week's articles
GKE Kubelet TLS Bootstrap Privilege Escalation
Kubernetes has a wide range of attack vectors, and many common attacks are on the Kubernetes attack matrix. The RhinoSecurity team explored the GKE Kubelet TLS Bootstrap privilege escalation attack: starting with compromised GCP credentials, they stole TLS Bootstrap credentials by listing Compute Engine instances, generated and submitted CSRs, acted as worker nodes, stole secrets, and gained cluster admin access in a GKE cluster.
How we use HashiCorp Nomad
Interesting article from Cloudflare which walks through the reliability model of services running in more than 200 edge cities worldwide.
Monitoring AWS Fargate with Prometheus and Sysdig
Fargate does not allow privileged pods. So, how can you monitor Fargate and other serverless services if you can’t install agents on them? You'll need to rely on an intermediary like AWS CloudWatch.
Unsecured databases attacked 18 times per day
Someone set up an Elasticsearch honeypot and watched it get destroyed. Over three dozen attacks occurred before the database was even indexed by search engines like Shodan / BinaryEdge.
Tools
amazon-s3-find-and-forget
A solution to selectively find and erase records from data lakes stored on Amazon S3. This solution can assist data lake operators to handle data erasure requests, for example, pursuant to the European General Data Protection Regulation (GDPR).
k8s-audit-log-inspector
Want to study how k8s audit logs work? This repo provides a Vagrant box configuration that: sets up microk8s with audit logging configured, sets up Elasticsearch and Kibana, and sets up filebeat to watch the microk8s audit logs and ship them to Elastic.
Adaz: Active Directory Hunting Lab in Azure
Project that lets you easily spin up Active Directory labs in Azure with domain-joined workstations, Windows Event Forwarding, Kibana, and Sysmon using Terraform/Ansible.
From the cloud providers
Software Package Management with AWS CodeArtifact
Amazon introduced AWS CodeArtifact, a secure, scalable, and cost-effective artifact management service for software development. Today, CodeArtifact can be used with popular build tools and package managers such as Maven and Gradle (for Java), npm and yarn (for JavaScript), and pip and twine (for Python).
AWS Shield Threat Landscape report is now available
The AWS Shield Threat Landscape Report (TLR) provides a summary of threats detected by AWS Shield. This includes rules and mitigations for services like AWS Managed Rules for AWS WAF and AWS Shield Advanced.
AWS Shield Advanced now supports proactive response to events
AWS Shield Advanced now allows proactive engagement from the DDoS Response Team (DRT) when a DDoS event is detected. When you turn on proactive engagement, the DRT will directly contact you if an Amazon Route 53 health check associated with your protected resource becomes unhealthy during an event that's detected by Shield Advanced.
AWS achieves its first PCI 3DS attestation
AWS has achieved its first PCI 3-D Secure (3DS) certification. Financial institutions and payment providers are implementing EMV 3-D Secure services to support application-based authentication, integration with digital wallets, and browser-based e-commerce transactions. Although AWS doesn’t perform 3DS functions directly, the AWS PCI 3DS attestation of compliance enables customers to attain their own PCI 3DS compliance for their services running on AWS.
Introducing table-level access controls in BigQuery
The new BigQuery table-level access controls (table ACLs) enable you to control data and share it at an even finer granularity. Table ACLs also bring closer compatibility with other data warehouse systems whose base security primitives include tables, allowing security policies to be migrated more easily.
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌 If you have questions, comments, or feedback, let me know on Twitter ( @lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco