This week's articles
Record AWS API calls to improve IAM Policies
#aws, #iam, #defend
Have you ever looked at an IAM policy and wondered: Is it really necessary to grant access to this specific action? CloudTrail can help here, but there is something better: Record API calls with Client Side Monitoring.
Exploring Cloud Trust Relationships: AWS
#aws, #explain
First in a series exploring how to map trust relationships across different cloud providers. This post looks at 11 different AWS security scanning tools and discusses some pros and cons of each.
Preventing malicious use of Weave Scope
#k8s, #defend
Intezer and Microsoft reported this week that TeamTNT hackers are using Weave Scope to aid their intrusions. As Weave Scope is an administration tool, it has powerful capabilities, making it important for any installation to be secured. This blog covers both how Scope is used and how you can prevent it from being misused by securing it in any Kubernetes installation.
Falco Default Rule Bypass
#k8s, #falco, #defend
Darkbit discovered a bypass for a Falco default rule, whereby cleverly named images running as privileged and/or mounting sensitive paths can avoid generating alerts. It is recommended to update your "falco_rules.yaml" to the latest version.
Falco Update: What's new in Falco?
#k8s, #falco, #explain
CNCF post describing the top five new features released in Falco 0.25 (like rules improvements, gRPC for alerts, and more).
Using AWS IoT for mutual TLS in a web application
#aws, #develop
Is there a way to support a client certificate-based "device trust" feature natively in AWS? Turns out you can use X.509 client certificates to authenticate your Chrome browser to AWS using AWS IoT.
Purchased Microsoft 365 E5, Now What?
#microsoft, #defend
The Microsoft 365 E5 suite is essentially a large bundle of products Microsoft offers for the enterprise environment, focused more towards the security and compliance areas. Purchasing E5 licensing means an organization has now unlocked a lot of Microsoft products, and the common question seen afterwards is: "where do I start?"
CNCF End User Technology Radar - Continuous Delivery
#ci/cd, #develop
The CNCF End User Community was asked to describe what their companies recommend for different solutions: Adopt, Trial, Assess or Hold. This table shows how the End User companies rated each technology.
Tools
iam-policies-cli
A CLI tool for building simple to complex IAM policies based on CloudFormation templates.
kubectl-fuzzy
kubectl-fuzzy uses an fzf(1)-like fuzzy finder to do partial or fuzzy searches of Kubernetes resources. Instead of specifying full resource names to kubectl commands, you can choose them from an interactive list that you can filter by typing a few characters.
whalescan
Whalescan is a vulnerability scanner for Windows containers, which performs several benchmark checks, as well as checking for CVEs/vulnerable packages on the container. It also checks the config and Docker files for misconfigurations.
syft
CLI tool and library for generating a Software Bill of Materials from container images and filesystems.
Thanks for reading!
If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌 If you have questions, comments, or feedback, let me know on Twitter ( @lancinimarco / @CloudSecList), or at feedback.cloudseclist.com! Thanks, Marco