Release Date: 18/10/2020 | Issue: 59
The Cloud Security Reading List is a low-volume mailing list (once per week) that highlights security-related news focused on the cloud native landscape,
hand-curated by Marco Lancini.

This week's articles


Public dataset of Cloudtrail logs from flaws.cloud
#aws, #defend
SummitRoute made 3.5 years of anonymized CloudTrail logs from flaws.cloud available for security research, with guidance on how to analyze them with Athena. This is nearly 2M log events from nearly 10K "attackers".
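The dataset is meant to be queried with Athena, but the same triage can be done with a few lines of Python once the records are loaded. The block below is an added example, not code from SummitRoute or the flaws.cloud project: it reads CloudTrail records (either a log-file object with a `Records` array or one JSON record per line), summarizes activity per source IP, and flags sources that touch many services while being mostly denied, which is what credential-enumeration by an attacker looks like. The records in `SAMPLE_EVENTS` are constructed for illustration and only reuse CloudTrail's field names; the thresholds in `flag_enumeration` are assumptions to tune against real data.

```python
"""Added example (not the flaws.cloud Athena guidance): triage anonymized
CloudTrail records in Python. SAMPLE_EVENTS is constructed for illustration
and uses the CloudTrail record field names."""
import json
from collections import defaultdict

# Constructed sample records: one source enumerating five services with a
# stolen key, another doing ordinary S3 reads.
SAMPLE_EVENTS = [
    {"eventTime": "2020-10-01T10:00:01Z", "eventSource": "sts.amazonaws.com",
     "eventName": "GetCallerIdentity", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "backup"}},
    {"eventTime": "2020-10-01T10:00:04Z", "eventSource": "s3.amazonaws.com",
     "eventName": "ListBuckets", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "backup"}},
    {"eventTime": "2020-10-01T10:00:09Z", "eventSource": "iam.amazonaws.com",
     "eventName": "ListUsers", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "backup"},
     "errorCode": "AccessDenied"},
    {"eventTime": "2020-10-01T10:00:12Z", "eventSource": "ec2.amazonaws.com",
     "eventName": "DescribeInstances", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "backup"},
     "errorCode": "Client.UnauthorizedOperation"},
    {"eventTime": "2020-10-01T10:00:15Z", "eventSource": "secretsmanager.amazonaws.com",
     "eventName": "ListSecrets", "sourceIPAddress": "198.51.100.7",
     "userIdentity": {"type": "IAMUser", "userName": "backup"},
     "errorCode": "AccessDeniedException"},
    {"eventTime": "2020-10-01T11:30:00Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "backup"}},
    {"eventTime": "2020-10-01T11:30:02Z", "eventSource": "s3.amazonaws.com",
     "eventName": "GetObject", "sourceIPAddress": "203.0.113.9",
     "userIdentity": {"type": "IAMUser", "userName": "backup"}},
]


def iter_records(text):
    """Yield CloudTrail records from either a log-file object ({"Records": [...]})
    or newline-delimited JSON with one record per line."""
    text = text.strip()
    if text.startswith(("{", "[")):
        try:
            data = json.loads(text)
        except json.JSONDecodeError:
            data = None  # several objects on separate lines: handled below
        if isinstance(data, dict) and "Records" in data:
            yield from data["Records"]
            return
        if isinstance(data, list):
            yield from data
            return
    for line in text.splitlines():
        if line.strip():
            yield json.loads(line)


def summarize_by_source(events):
    """Per source IP: number of calls, number of failed calls (errorCode set),
    distinct API names and distinct services touched."""
    stats = defaultdict(lambda: {"calls": 0, "errors": 0, "apis": set(), "services": set()})
    for ev in events:
        s = stats[ev["sourceIPAddress"]]
        s["calls"] += 1
        s["apis"].add(ev["eventName"])
        s["services"].add(ev["eventSource"])
        if "errorCode" in ev:
            s["errors"] += 1
    return stats


def flag_enumeration(stats, min_calls=3, min_services=3, min_error_ratio=0.5):
    """Heuristic (thresholds are assumptions): a source that touches many
    services and is mostly denied looks like someone probing what a stolen
    credential is allowed to do."""
    flagged = []
    for ip, s in stats.items():
        ratio = s["errors"] / s["calls"]
        if s["calls"] >= min_calls and len(s["services"]) >= min_services and ratio >= min_error_ratio:
            flagged.append(ip)
    return sorted(flagged)


if __name__ == "__main__":
    stats = summarize_by_source(SAMPLE_EVENTS)
    for ip in flag_enumeration(stats):
        s = stats[ip]
        print(f"{ip}: {s['calls']} calls, {s['errors']} denied, services={sorted(s['services'])}")
```

On the real dataset, feed `iter_records` the contents of each gzip-decompressed log file and then add the `userIdentity` fields to the grouping key; grouping by IP alone undercounts attackers that rotate addresses.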


Kud I Enter Your Server? New Vulnerabilities in Microsoft Azure
#azure, #attack
Two vulnerabilities were discovered in Azure App Services. The first allowed an attacker who already had access to the server to take over the App Service's git repository and plant phishing pages reachable through the Azure Portal. The second allowed an attacker with an existing low-severity vulnerability in the application (an SSRF) to escalate to full code execution on the App Service, and from there trigger the first.


Multiple issues in aws-iam-authenticator
#aws, #k8s, #attack
More issues found by Google's Project Zero, this time in aws-iam-authenticator, which is built on top of the sts:GetCallerIdentity AWS API.


Announcing HashiCorp Waypoint
#announcement, #hashicorp, #build
HashiCorp released Waypoint, a new open source project that provides developers a consistent workflow to build, deploy, and release applications across any platform. To really understand what Waypoint is (and isn't), I highly recommend this blog from @copyconstruct.


Announcing HashiCorp Boundary
#announcement, #hashicorp, #aws, #build
HashiCorp released Boundary, a new open source project that provides secure access to dynamic hosts and services with fine-grained authorization, without requiring direct network access. The Boundary AWS Reference Architecture repo contains Terraform configuration for deploying Boundary in HA mode in AWS.


Announcing Vault on the HashiCorp Cloud Platform
#announcement, #hashicorp, #vault
HashiCorp announced the private beta for HashiCorp Vault running on the HashiCorp Cloud Platform (HCP), which is a fully managed cloud offering to automate the deployment of HashiCorp products.


Announcing Consul Terraform Sync Tech Preview
#announcement, #hashicorp, #terraform
HashiCorp released Consul Terraform Sync, which allows you to configure event-triggered Terraform runs for managing network infrastructure.


Introducing Cloudflare One
#announcement, #cloudflare
As stated by Cloudflare: "It provides secure, fast, reliable, cost-effective network services, integrated with leading identity management and endpoint security providers".


Single Sign-On in Kubernetes
#k8s, #build
How to create a service, expose it with an Ingress, and add Single Sign-On.


Fine-tune access to external (GitHub) Actions
#github, #ci/cd
Enterprise, organization, and repository administrators can now define an allow list to fine-tune which external GitHub Actions may be used, making it easier to achieve security and compliance goals.


Running Falco and k3s at the edge with 64-bit ARM
#k8s, #falco, #build
How to configure Falco to run at the edge with k3s on an ARM64 host, an AWS Graviton instance, or a Raspberry Pi 4.


K3s + Sysdig: Deploying and securing your cluster in less than 8 minutes!
#k8s, #falco, #build
Walkthrough of a k3s deployment that leverages Falco to increase security and visibility.

Tools


Applying IAM Recommendations at Scale
How to use GCP's IAM Recommender to explore how to enforce least-privilege at scale.


sshizzle
Serverless, Zero-Trust SSH for Microsoft Azure.


wernicke
A redaction tool for structured data (like logs). Run wernicke with JSON on stdin, get redacted values out. Preserves structure and (to some extent) semantics.
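To make "preserves structure and (to some extent) semantics" concrete, here is an added example in Python of the same idea; it is illustrative code, not wernicke's implementation (wernicke is a separate project, and its patterns and output formats differ). Keys, numbers, booleans and nulls pass through untouched; string values have IPv4 addresses, e-mail addresses and AWS access key IDs replaced by keyed-hash derived stand-ins of the same shape, so the same original value always maps to the same replacement and the redacted logs can still be joined and counted. The secret key, the regexes and the replacement formats are assumptions, and the sample record is constructed.

```python
"""Added example: a small structure-preserving redactor in the spirit of
wernicke. Illustrative code, not wernicke's own; the key, patterns and
replacement formats are assumptions."""
import hashlib
import hmac
import json
import sys
import re

# Assumption: a per-deployment secret. Keyed hashing keeps redaction
# deterministic (same input, same stand-in) without letting a reader of the
# output reverse it by hashing guesses.
REDACTION_KEY = b"constructed-demo-key"

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
EMAIL = re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")
ACCESS_KEY_ID = re.compile(r"\bAKIA[0-9A-Z]{16}\b")


def _mac(value):
    return hmac.new(REDACTION_KEY, value.encode("utf-8"), hashlib.sha256).digest()


def _redact_ip(match):
    # Stay inside TEST-NET-3 (203.0.113.0/24): still a syntactically valid IP,
    # and obviously not a real one.
    return f"203.0.113.{_mac(match.group(0))[0]}"


def _redact_email(match):
    return f"user-{_mac(match.group(0)).hex()[:8]}@example.invalid"


def _redact_access_key(match):
    # Keep the AKIA prefix and the 20-character length so downstream parsers
    # still recognise the field as an access key ID.
    return "AKIA" + _mac(match.group(0)).hex().upper()[:16]


def redact_string(value):
    value = ACCESS_KEY_ID.sub(_redact_access_key, value)
    value = EMAIL.sub(_redact_email, value)
    return IPV4.sub(_redact_ip, value)


def redact(obj):
    """Recursively redact string values; keys, numbers, booleans and nulls are
    left untouched so the document keeps its shape."""
    if isinstance(obj, dict):
        return {key: redact(val) for key, val in obj.items()}
    if isinstance(obj, list):
        return [redact(val) for val in obj]
    if isinstance(obj, str):
        return redact_string(obj)
    return obj


# Constructed sample record (not real data).
SAMPLE = {
    "eventName": "ConsoleLogin",
    "sourceIPAddress": "198.51.100.7",
    "userIdentity": {"userName": "alice@example.com",
                     "accessKeyId": "AKIAIOSFODNN7EXAMPLE"},
    "responseElements": {"ConsoleLogin": "Success"},
    "attempts": 3,
}


def main():
    """Read one JSON document per line on stdin, write redacted JSON lines."""
    for line in sys.stdin:
        if line.strip():
            print(json.dumps(redact(json.loads(line))))


if __name__ == "__main__":
    main()
```

Usage: `echo '{"ip": "198.51.100.7"}' | python3 redact.py`. Note the trade-off the determinism buys: a reader who already knows one original value can confirm it appears in the redacted output only if they also hold the key, so the key must be treated as a secret and rotated when the redacted data is shared with a new audience.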


gitlab-watchman
GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally.

From the cloud providers


AWS: How to automatically archive expected IAM Access Analyzer findings
How to automatically archive Access Analyzer findings for expected events, such as authorized resource access. The benefit of automatically archiving expected findings is to help you reduce distraction from findings that don't require action, enabling you to concentrate on remediating any unexpected access to your shared resources.


AWS: How to use AWS Config to determine compliance of AWS KMS key policies to your specifications
How to use AWS Config to create compliance rules that scan AWS KMS key policies and determine whether they follow your company's guidelines for least privilege.
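What such a rule actually evaluates is a small policy-document check. The block below is an added example, not the code from the AWS post: it implements the logic a Lambda-backed custom Config rule would run over a key policy (the rule's Lambda receives the key's configuration item and reports the result through PutEvaluations). The three checks, the account ID and the two sample policies are constructed for illustration; adapt the checks to your own guidelines.

```python
"""Added example: the evaluation logic a Lambda-backed custom AWS Config rule
could run over a KMS key policy. The checks, account ID and sample policies
are constructed for illustration, not taken from the AWS post."""
import json

ACCOUNT_ID = "123456789012"  # assumption: the account that owns the key


def _as_list(value):
    if value is None:
        return []
    return value if isinstance(value, list) else [value]


def _principals(statement):
    """Flatten the Principal element; '*' means any AWS principal."""
    principal = statement.get("Principal", {})
    if principal == "*":
        return ["*"]
    out = []
    for kind in ("AWS", "Service", "Federated", "CanonicalUser"):
        out.extend(_as_list(principal.get(kind)))
    return out


def evaluate_key_policy(policy, account_id=ACCOUNT_ID):
    """Return (Sid, reason) findings for Allow statements that break the
    constructed least-privilege rules:
      1. no access for any principal ('*') unless a Condition narrows it;
      2. kms:* (or *) only for the owning account's root principal;
      3. no NotAction/NotPrincipal with Allow (grants everything not listed)."""
    root_arn = f"arn:aws:iam::{account_id}:root"
    findings = []
    for index, st in enumerate(_as_list(policy.get("Statement"))):
        if st.get("Effect") != "Allow":
            continue
        sid = st.get("Sid") or f"Statement[{index}]"
        principals = _principals(st)
        actions = [a.lower() for a in _as_list(st.get("Action"))]
        if "*" in principals and "Condition" not in st:
            findings.append((sid, "allows any principal ('*') without a Condition"))
        if any(a in ("*", "kms:*") for a in actions):
            others = [p for p in principals if p != root_arn]
            if others:
                findings.append((sid, "grants kms:* to non-root principal(s): " + ", ".join(others)))
        if "NotAction" in st or "NotPrincipal" in st:
            findings.append((sid, "uses NotAction/NotPrincipal with Allow"))
    return findings


def config_evaluation(key_id, policy, account_id=ACCOUNT_ID):
    """Shape the result as one entry for Config's PutEvaluations call."""
    findings = evaluate_key_policy(policy, account_id)
    annotation = "; ".join(f"{sid}: {reason}" for sid, reason in findings) \
        or "key policy follows least privilege"
    return {
        "ComplianceResourceType": "AWS::KMS::Key",
        "ComplianceResourceId": key_id,
        "ComplianceType": "NON_COMPLIANT" if findings else "COMPLIANT",
        "Annotation": annotation[:256],  # Config limits Annotation to 256 chars
    }


# Constructed sample policies.
COMPLIANT_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "EnableIAMUserPermissions", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"},
         "Action": "kms:*", "Resource": "*"},
        {"Sid": "AllowUseOfTheKey", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:role/app-runtime"},
         "Action": ["kms:Decrypt", "kms:GenerateDataKey"], "Resource": "*"},
    ],
}

WEAK_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Sid": "EnableIAMUserPermissions", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:root"},
         "Action": "kms:*", "Resource": "*"},
        {"Sid": "AnyoneCanDecrypt", "Effect": "Allow",
         "Principal": {"AWS": "*"},
         "Action": ["kms:Decrypt", "kms:GenerateDataKey"], "Resource": "*"},
        {"Sid": "DevelopersAreKeyAdmins", "Effect": "Allow",
         "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_ID}:role/Developers"},
         "Action": "kms:*", "Resource": "*"},
    ],
}

if __name__ == "__main__":
    for name, policy in (("compliant", COMPLIANT_POLICY), ("weak", WEAK_POLICY)):
        print(name, json.dumps(config_evaluation("1234abcd-12ab-34cd-56ef-1234567890ab", policy), indent=2))
```

The root-principal statement is left alone on purpose: it is what lets IAM policies in the account grant key access at all, and removing it is how keys become unmanageable. A `Principal: "*"` statement with a Condition (for example `kms:ViaService` or `aws:PrincipalOrgID`) is accepted by the first check; whether that is acceptable for your guidelines is exactly the kind of specification the rule encodes.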


GCP: Now, setting up continuous deployment for Cloud Run is a snap
Cloud Run now lets you set up continuous deployment in just a few clicks: from the Cloud Run user interface you can connect your Git repository and have your code automatically built and deployed to your Cloud Run or Cloud Run for Anthos services.


GCP: Static outbound IP address
Cloud Run now supports setting a static IP address for outbound (egress) connections from serverless containers, so you can reach external databases and APIs from a fixed address that the remote side can allowlist.


Azure: Using Jupyter Notebook to analyze and visualize Azure Sentinel Analytics and Hunting Queries
The Azure Sentinel Github repo contains out of the box detections, exploration queries, hunting queries, workbooks, playbooks and much more to help you get ramped up with Azure Sentinel and provide you security content to secure your environment and hunt for threats.

Copyright © 2019-present The Cloud Security Reading List.