Release Date: 15/11/2020 | Issue: 63
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

This week's articles


Announcing OpenCSPM - An Open-Source Cloud Security Posture Management and Workflow Platform
OpenCSPM is an open-source platform developed by Darkbit that aims to make continuous cloud security posture assessments of cloud environments a practical reality for security and compliance teams alike. It offers a unique approach to manage the firehose of security and compliance check results that even modest AWS and GCP environments can surface, and its control definitions allow for simple yet powerful levels of introspection of its graph data model.   #aws   #gcp   #defend   #announcement


Announcing Curiefense: An Open-Source Security Platform
Curiefense is a free, open-source, web security platform that extends Envoy Proxy to include WAF, Bot Management, application-layer DDoS, & more.   #k8s   #defend   #announcement


Blind Spots in the Cloud
High-level post reviewing logging and visibility options offered by AWS and GCP, and discussing blind spots and how to eliminate them.   #aws   #gcp   #defend


Announcing HashiCorp Vault 1.6
This release features Integrated Storage enhancements, a new Key Management Secrets Engine, Transform Secrets Engine updates, and more.   #vault   #announcement


Terraform 0.14 Adds the Ability to Redact Sensitive Values in Console Output
Terraform 0.14 allows users to define values as "sensitive", making it easier to redact sensitive information in Terraform workflows.   #terraform   #ci/cd
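As an added example of the feature described above (not code from the linked article or from HashiCorp), the configuration below marks an input variable as sensitive and shows how that marking propagates to derived values. The variable, local and output names are illustrative assumptions.

```hcl
# Added example: Terraform 0.14's variable-level `sensitive` flag.
# Names are illustrative assumptions; no provider is required to plan this.

terraform {
  required_version = ">= 0.14"
}

variable "db_password" {
  description = "Master password for the application database"
  type        = string
  sensitive   = true   # new in 0.14: shown as (sensitive) in plan/apply output
}

# Anything derived from a sensitive value inherits the marking,
# so this local is redacted in console output as well.
locals {
  connection_string = "postgres://app:${var.db_password}@db.internal:5432/app"
}

# A derived sensitive value can only be exposed through an output that is
# itself marked sensitive; without `sensitive = true` here, `terraform plan`
# refuses to proceed rather than leaking the value.
output "connection_string" {
  value     = local.connection_string
  sensitive = true
}
```

Run `terraform plan -var db_password=...` and the value appears only as `(sensitive)`. Note the caveat: redaction applies to CLI output only. The plaintext is still written to the state file and to saved plan files, and `terraform output -json` still prints it, so a locked-down remote backend with encryption and tight access control remains necessary.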


Deploying changes to your Auth0 accounts with GitHub Actions
How the Auth0 Deploy CLI and GitHub Actions can be used to export the configuration of your environment and then import this same configuration on your other environments.   #ci/cd   #build


How to monitor coreDNS
How to monitor CoreDNS: how to get metrics out of it, and what to look for.   #kubernetes   #defend


Connecting Securely to Google Compute Engine VMs without a Public IP or VPN
How to use GCP's Identity-Aware Proxy (IAP) to establish secure RDP, SSH, and VNC connections to VMs on GCE that don't have a public IP or VPN connectivity.   #gcp   #build
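As an added example (not code from the linked article or from Google), the following Terraform configuration sets up the two things IAP TCP forwarding needs to reach a VM that has no public IP: a firewall rule that admits SSH and RDP only from IAP's forwarding range, and an IAM binding that lets one user open a tunnel to one instance. The project, network, zone, instance, tag and user names are illustrative assumptions.

```hcl
# Added example: minimal IAP TCP forwarding setup for a private GCE VM.
# Project, network, zone, instance, tag and user names are assumptions.

# 1. Allow SSH and RDP ingress only from IAP's TCP forwarding range.
#    No 0.0.0.0/0 rule is needed, so the ports are never reachable
#    directly from the internet.
resource "google_compute_firewall" "allow_iap_tunnel" {
  name      = "allow-ssh-rdp-from-iap"
  network   = "default"
  direction = "INGRESS"

  allow {
    protocol = "tcp"
    ports    = ["22", "3389"]
  }

  # Documented source range that IAP uses for TCP forwarding.
  source_ranges = ["35.235.240.0/20"]
  target_tags   = ["iap-tunnel"]
}

# 2. Grant a single user permission to tunnel to a single instance.
#    Scoping the role to the instance (rather than the project) keeps the
#    blast radius of a compromised identity to one VM.
resource "google_iap_tunnel_instance_iam_member" "alice_ssh" {
  project  = "example-project"
  zone     = "us-central1-a"
  instance = "app-vm-1"
  role     = "roles/iap.tunnelResourceAccessor"
  member   = "user:alice@example.com"
}
```

The VM must carry the `iap-tunnel` network tag. Alice then connects with `gcloud compute ssh app-vm-1 --zone us-central1-a --tunnel-through-iap`, or for RDP opens a local listener with `gcloud compute start-iap-tunnel app-vm-1 3389 --local-host-port=localhost:3389 --zone us-central1-a` and points her RDP client at localhost. Since the instance has no public IP, any outbound internet access it needs (package updates, for instance) must go through Cloud NAT or Private Google Access.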


CloudGoat ECS_EFS_Attack Walkthrough
Walkthrough covering the CloudGoat attack simulation "ecs_efs_attack", teaching how to pivot through AWS Elastic Container Service (ECS) and gain access to AWS Elastic File System (EFS).   #aws   #attack

Tools


terraform-deployment-pentesting
Collection of tiny Terraform modules that can be used to do dangerous things in a CI/CD pipeline.


cmd-tutorial
Tutorial walking through provisioning some VMs on GCP to kick the tires on Cmd, a utility to track and control users in production.

From the cloud providers


#AWS   Introducing AWS Gateway Load Balancer
AWS announced the general availability of AWS Gateway Load Balancer (GWLB), a service that makes it easy and cost-effective to deploy, scale and manage the availability of third-party virtual appliances such as firewalls, intrusion detection and prevention systems and deep packet inspection systems in the cloud.


#AWS   What is AWS Nitro Enclaves?
Get started with AWS Nitro Enclaves. From an EC2 instance you can carve out isolated execution environments: separate, hardened VMs with no persistent storage, no interactive access and no external networking, reachable from the parent instance only over a local vsock channel.


#AWS   AWS Lambda now makes it easier to send logs to custom destinations
You can now send logs from AWS Lambda functions directly to a destination of your choice by using AWS Lambda Extensions. It is currently possible to use extensions that send logs to the following providers: Datadog, New Relic, Sumo Logic, Honeycomb, Lumigo, and Coralogix.


#AWS   Lightsail Containers: An Easy Way to Run your Containers in the Cloud
Amazon added the possibility to deploy container-based workloads on Lightsail. You can now deploy your container images to the cloud with the same simplicity and the same bundled pricing Amazon Lightsail provides for your virtual servers.


#GCP   Enabling Customer-Managed Encryption Keys (CMEK)
It is now possible to use your own encryption keys for secrets stored in GCP Secret Manager with CMEK.


#GCP   Health checking your gRPC servers on GKE
Google open sourced a project called grpc-health-probe, a command-line tool to assess the health of a gRPC server.


#GCP   It's not DNS: Ensuring high availability in a hybrid cloud environment
Post discussing some redundancy mechanisms you can employ to ensure that Cloud DNS is always available to handle your DNS requests.


#AZURE   Using Azure Data Explorer for long term retention of Azure Sentinel logs
How to use Azure Data Explorer (ADX) as a secondary log store.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini