Release Date: 21/06/2020 | Issue: 42
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

This week's articles

Uber's Approach to Cloud Security - Part 1
Uber is sharing details about their general purpose multi-cloud security monitoring platform to help other teams working through their approach.

Forensic Disk Copies in GCP & AWS
How to create forensic disk snapshots in AWS and GCP, making cloud DFIR a tad less painful.

Conducting a Cloud Assessment in AWS
Chris Farris put some thoughts together for conducting an AWS assessment when you're looking at a brand new organization (think, for example, at M&As).

AWS Security Tooling Diagram
This diagram provides an overview of various AWS security tooling services, and where those services fit into a Security & Compliance lifecycle.

AWS IAM Assume Role Vulnerabilities Found in Many Top Vendors
Blog post from Praetorian presenting the results from 90 Cloud Security vendors, showing that 37% had not implemented the "ExternalId" correctly to protect against confused-deputy attacks. This means their products could be abused to get access to their customers' environments.

An ongoing AWS phishing campaign
An ongoing campaign to steal AWS accounts through a phishing email which impersonates AWS and encourages the victim to click through to view a (fake) open support case.

Google Data Center Security: 6 Layers Deep
If you've ever wondered how to get into a Google datacenter, here's a video that shows what's involved. I have to admit I enjoyed watching it.

Monitor Elevate Access Activity In Azure
How to detect when an Azure AD Global Admin elevates their access to the Azure root management group.

Added --privileged flag to kubectl run
As of Kubernetes v1.19.0, kubectl will contain a new "--privileged" flag. Just to be clear, this flag only enables what you were already able to do using yaml, and it only does this for kubectl run which is for running one-off pods, not intended for deploying production workloads.


Kube2Hadoop: Secure access to HDFS from Kubernetes
To allow for Kubernetes workloads to securely access HDFS, Linkedin released Kube2Hadoop, a scalable and secure integration with HDFS Kerberos. This enables AI modelers at LinkedIn to use HDFS data in Kubernetes pods with access control through a user or a headless account.

Intentionally vulnerable cluster environment to learn and practice Kubernetes security. You can also play directly in browser for free using Katacoda Playground.

Kubernetes Admission Controller for Image Scanning using OPA, to validate the images you scan are actually the images you deploy in your K8S cluster.

kubectl-images is a kubectl plugin that shows the container images used in a cluster.

gimme-aws-creds is a CLI that utilizes an Okta IdP via SAML to acquire temporary AWS credentials via AWS STS.

A command-line tool to get valuable information out of AWS CloudTrail.

Some IR runbook samples from AWS, covering topics like DoS and credential leakage.

From the cloud providers

AWS Icon  AWS Security Incident Response Guide
This guide presents an overview of the fundamentals of responding to security incidents within a customer's AWS Cloud environment. It focuses on an overview of cloud security and incident response concepts, and identifies cloud capabilities, services, and mechanisms that are available to customers who are responding to security issues.

AWS Icon  Automating safe, hands-off deployments
Detailed post on how AWS practice continuous delivery, detailing all the steps their internal CI/CD pipelines take to safely deploy to production.

AWS Icon  Amazon Route 53 Launches New API Action to list Private Hosted Zones associated with your Amazon VPCs
It is now possible to identify which Private Hosted Zones are associated with each VPC by calling the new ListHostedZonesByVPC API action.

AWS Icon  A Shared File System for Your Lambda Functions
AWS Lambda functions can now mount an Amazon Elastic File System (EFS), a scalable and elastic NFS file system storing data within and across multiple availability zones (AZ) for high availability and durability.

AWS Icon  EC2 Image Builder now supports connectivity through AWS PrivateLink
EC2 Image Builder is now integrated with AWS PrivateLink which enables customers to privately access EC2 Image Builder from Amazon Virtual Private Clouds (VPC) without using public IPs, and without requiring the traffic to traverse across the Internet.

GCP Icon  Setting up advanced network threat detection with Packet Mirroring
Packet Mirroring offers full packet capture capability, allowing you to identify network anomalies within and across VPCs, internal traffic from VMs to VMs, traffic between end locations on the internet and VMs, and also traffic between VMs to Google services in production.

Azure Icon  New Azure maps make identifying local compliance options easy
Microsoft released a new infographic, along with a 37-page e-book showing compliance details in over 30 key geographies.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
© 2019-present, CloudSecList by Marco Lancini.