Release Date: 15/11/2020 | Issue: 63
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.


This week's articles

Announcing OpenCSPM - An Open-Source Cloud Security Posture Management and Workflow Platform   #aws, #gcp, #defend, #announcement
OpenCSPM is an open-source platform developed by Darkbit that aims to make continuous cloud security posture assessments of cloud environments a practical reality for security and compliance teams alike. It offers a unique approach to manage the firehose of security and compliance check results that even modest AWS and GCP environments can surface, and its control definitions allow for simple yet powerful levels of introspection of its graph data model.

Announcing Curiefense: An Open-Source Security Platform   #k8s, #defend, #announcement
Curiefense is a free, open-source, web security platform that extends Envoy Proxy to include WAF, Bot Management, application-layer DDoS, & more.

Blind Spots in the Cloud   #aws, #gcp, #defend
High-level post reviewing logging and visibility options offered by AWS and GCP, and discussing blind spots and how to eliminate them.

Announcing HashiCorp Vault 1.6   #vault, #announcement
This release features Integrated Storage enhancements, a new Key Management Secrets Engine, Transform Secrets Engine updates, and more.

Terraform 0.14 Adds the Ability to Redact Sensitive Values in Console Output   #terraform, #ci/cd
Terraform 0.14 allows users to define values as "sensitive", making it easier to redact sensitive information in Terraform workflows.
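Added example (not from the linked article or the Terraform project) showing how the 0.14 feature is used: a variable marked `sensitive = true`, and an output derived from it, which must also be marked sensitive or `terraform plan` refuses to run. The variable and output names are placeholders.

```hcl
terraform {
  required_version = ">= 0.14"
}

# Hypothetical secret injected by the CI/CD pipeline via TF_VAR_db_password.
variable "db_password" {
  description = "Database password supplied by the pipeline"
  type        = string
  sensitive   = true # new in 0.14: the value is shown as (sensitive) in plan/apply output
}

# Anything computed from a sensitive value inherits sensitivity. An output that
# exposes it must itself be flagged, otherwise plan fails with
# "Output refers to sensitive values".
output "db_connection_string" {
  value     = "postgres://app:${var.db_password}@db.internal:5432/app"
  sensitive = true
}
```

Caveat a practitioner should keep in mind: the `sensitive` flag only redacts console output. The value is still written in plaintext to the state file (and is retrievable with `terraform output -json`), so the state backend still needs encryption at rest and tight access control.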

Deploying changes to your Auth0 accounts with GitHub Actions   #ci/cd, #build
How the Auth0 Deploy CLI and GitHub Actions can be used to export the configuration of your environment and then import this same configuration on your other environments.

How to monitor CoreDNS   #kubernetes, #defend
How to monitor CoreDNS: how to get metrics out of it, and what to look for.

Connecting Securely to Google Compute Engine VMs without a Public IP or VPN   #gcp, #build
How to use GCP's Identity-Aware Proxy (IAP) to establish secure RDP, SSH, and VNC connections to VMs on GCE that don't have a public IP or VPN connectivity.
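Added example (not from the linked post) of the firewall rule the IAP setup relies on, written in Terraform: SSH and RDP are admitted only from 35.235.240.0/20, the source range IAP TCP forwarding uses, so the VMs need neither a public IP nor an open-to-the-internet port 22. The network name and target tag are assumptions.

```hcl
# Allow SSH (22) and RDP (3389) only from the IAP TCP-forwarding range.
# 35.235.240.0/20 is the IP range Google documents for IAP tunnels.
resource "google_compute_firewall" "allow_iap_tunnel" {
  name    = "allow-iap-tunnel"
  network = "default" # assumption: replace with your VPC name

  direction     = "INGRESS"
  source_ranges = ["35.235.240.0/20"]
  target_tags   = ["iap-tunnel"] # assumption: tag applied to the VMs you want to reach

  allow {
    protocol = "tcp"
    ports    = ["22", "3389"]
  }
}
```

Once the rule is in place, a user holding `roles/iap.tunnelResourceAccessor` on the VM connects with `gcloud compute ssh VM_NAME --zone ZONE --tunnel-through-iap`; check that no broader rule (for example `0.0.0.0/0` on port 22) still exists on the network, otherwise the IAP-only intent is defeated.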

CloudGoat ECS_EFS_Attack Walkthrough   #aws, #attack
Walkthrough of the CloudGoat attack scenario "ecs_efs_attack", which teaches how to pivot through Amazon Elastic Container Service (ECS) to gain access to Amazon Elastic File System (EFS).


Collection of tiny Terraform modules that can be used to do dangerous things in a CI/CD pipeline.

Tutorial walking through provisioning some VMs on GCP to kick the tires on Cmd, a utility to track and control users in production.

From the cloud providers

Introducing AWS Gateway Load Balancer
AWS announced the general availability of AWS Gateway Load Balancer (GWLB), a service that makes it easy and cost-effective to deploy, scale and manage the availability of third-party virtual appliances such as firewalls, intrusion detection and prevention systems and deep packet inspection systems in the cloud.

What is AWS Nitro Enclaves?
Get started with AWS Nitro Enclaves. From EC2 instances, you can create isolated execution environments: separate, hardened VMs with no persistent storage, no interactive access and no external networking.

AWS Lambda now makes it easier to send logs to custom destinations
You can now send logs from AWS Lambda functions directly to a destination of your choice by using AWS Lambda Extensions. It is currently possible to use extensions that send logs to the following providers: Datadog, New Relic, Sumo Logic, Honeycomb, Lumigo, and Coralogix.

Lightsail Containers: An Easy Way to Run your Containers in the Cloud
Amazon added the possibility to deploy container-based workloads on Lightsail. You can now deploy your container images to the cloud with the same simplicity and the same bundled pricing Amazon Lightsail provides for your virtual servers.

Enabling Customer-Managed Encryption Keys (CMEK)
It is now possible to use your own Cloud KMS keys (CMEK) to encrypt secrets stored in GCP Secret Manager.

Health checking your gRPC servers on GKE
Google open sourced a project called grpc-health-probe, a command-line tool to assess health of a gRPC server.

It's not DNS: Ensuring high availability in a hybrid cloud environment
Post discussing some redundancy mechanisms you can employ to ensure that Cloud DNS is always available to handle your DNS requests.

Using Azure Data Explorer for long term retention of Azure Sentinel logs
How to use Azure Data Explorer (ADX) as a secondary log store.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!



© 2019-present, CloudSecList by Marco Lancini.