Release Date: 21/06/2020 | Issue: 42
The Cloud Security Reading List is a low volume mailing list (once per week) that highlights security-related news focused on the cloud native landscape,
hand curated by Marco Lancini.

This week's articles


Uber's Approach to Cloud Security - Part 1
Uber is sharing details about their general purpose multi-cloud security monitoring platform to help other teams working through their approach.


Forensic Disk Copies in GCP & AWS
How to create forensic disk snapshots in AWS and GCP, making cloud DFIR a tad less painful.


Conducting a Cloud Assessment in AWS
Chris Farris put some thoughts together for conducting an AWS assessment when you're looking at a brand new organization (think, for example, at M&As).


AWS Security Tooling Diagram
This diagram provides an overview of various AWS security tooling services, and where those services fit into a Security & Compliance lifecycle.


AWS IAM Assume Role Vulnerabilities Found in Many Top Vendors
Blog post from Praetorian presenting the results from 90 Cloud Security vendors, showing that 37% had not implemented the "ExternalId" correctly to protect against confused-deputy attacks. This means their products could be abused to get access to their customers' environments.


An ongoing AWS phishing campaign
An ongoing campaign to steal AWS accounts through a phishing email which impersonates AWS and encourages the victim to click through to view a (fake) open support case.


Google Data Center Security: 6 Layers Deep
If you've ever wondered how to get into a Google datacenter, here's a video that shows what's involved. I have to admit I enjoyed watching it.


Monitor Elevate Access Activity In Azure
How to detect when an Azure AD Global Admin elevates their access to the Azure root management group.


Added --privileged flag to kubectl run
As of Kubernetes v1.19.0, kubectl will contain a new "--privileged" flag. Just to be clear, this flag only enables what you were already able to do using yaml, and it only does this for kubectl run which is for running one-off pods, not intended for deploying production workloads.

Tools


Kube2Hadoop: Secure access to HDFS from Kubernetes
To allow for Kubernetes workloads to securely access HDFS, Linkedin released Kube2Hadoop, a scalable and secure integration with HDFS Kerberos. This enables AI modelers at LinkedIn to use HDFS data in Kubernetes pods with access control through a user or a headless account.


kubernetes-goat
Intentionally vulnerable cluster environment to learn and practice Kubernetes security. You can also play directly in browser for free using Katacoda Playground.


opa-image-scanner
Kubernetes Admission Controller for Image Scanning using OPA, to validate the images you scan are actually the images you deploy in your K8S cluster.


kubectl-images
kubectl-images is a kubectl plugin that shows the container images used in a cluster.


gimme-aws-creds
gimme-aws-creds is a CLI that utilizes an Okta IdP via SAML to acquire temporary AWS credentials via AWS STS.


trailscraper
A command-line tool to get valuable information out of AWS CloudTrail.


aws-incident-response-runbooks
Some IR runbook samples from AWS, covering topics like DoS and credential leakage.

From the cloud providers


AWS Icon  AWS Security Incident Response Guide
This guide presents an overview of the fundamentals of responding to security incidents within a customer's AWS Cloud environment. It focuses on an overview of cloud security and incident response concepts, and identifies cloud capabilities, services, and mechanisms that are available to customers who are responding to security issues.


AWS Icon  Automating safe, hands-off deployments
Detailed post on how AWS practice continuous delivery, detailing all the steps their internal CI/CD pipelines take to safely deploy to production.


AWS Icon  Amazon Route 53 Launches New API Action to list Private Hosted Zones associated with your Amazon VPCs
It is now possible to identify which Private Hosted Zones are associated with each VPC by calling the new ListHostedZonesByVPC API action.


AWS Icon  A Shared File System for Your Lambda Functions
AWS Lambda functions can now mount an Amazon Elastic File System (EFS), a scalable and elastic NFS file system storing data within and across multiple availability zones (AZ) for high availability and durability.


AWS Icon  EC2 Image Builder now supports connectivity through AWS PrivateLink
EC2 Image Builder is now integrated with AWS PrivateLink which enables customers to privately access EC2 Image Builder from Amazon Virtual Private Clouds (VPC) without using public IPs, and without requiring the traffic to traverse across the Internet.


GCP Icon  Setting up advanced network threat detection with Packet Mirroring
Packet Mirroring offers full packet capture capability, allowing you to identify network anomalies within and across VPCs, internal traffic from VMs to VMs, traffic between end locations on the internet and VMs, and also traffic between VMs to Google services in production.


Azure Icon  New Azure maps make identifying local compliance options easy
Microsoft released a new infographic, along with a 37-page e-book showing compliance details in over 30 key geographies.

Website
Twitter
Sponsor Me
View this email in your browser Copyright © 2019-present The Cloud Security Reading List.