Release Date: 13/12/2020 | Issue: 67
Know someone who'd find this useful? Forward this email
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

This week's articles


A map of AWS security services
Given the announcement of AWS Audit Manager, Scott Piper tried to map how AWS security services all connect to one another and where to categorize them.   #aws   #explain


Applying DevSecOps to your software supply chain
GitHub's 2019 State of the Octoverse Report showed that on average, each repository has more than 200 dependencies. The reality of the software supply chain is that you are dependent on code you didn't write, yet the dependencies still require work from you for ongoing upkeep. So where should you get started in implementing security controls?   #ci/cd   #defend


Security Kill Chain Stages in a 100K+ Daily Container Environment with Falco
Walkthrough of how MathWorks uses Falco to identify activity related to recon, weaponization, delivery, exploitation, installation, and command & control on their 100K+ daily MATLAB containers.   #k8s   #defend


AWS Systems Manager Attack and defense strategies
Post covering multiple aspects of Systems Manager, Documents and how to protect and detect techniques leveraging its "Run Command".   #aws   #attack


How To Protect Sensitive Data in Terraform
Tutorial on protecting sensitive data in Terraform, by hiding sensitive data in outputs during execution and storing state in a secure cloud object storage.   #terraform   #build


Monitoring & securing AWS with Microsoft
Interesting approach, how to setup (advanced) monitoring of AWS with Azure Security Center (CSPM), Azure Defender (CWPP), Cloud App Security (CASB), and Azure Sentinel (SIEM).   #aws   #azure   #defend


Kernel privilege escalation: how Kubernetes container isolation impacts privilege escalation attacks
Post exploring how Kubernetes container isolation impacts privilege escalation attacks, using common kernel exploitation techniques.   #k8s   #attack


Kubernetes man in the middle using LoadBalancer or ExternalIPs (CVE-2020-8554)
Authorized users granted PATCH permission for LoadBalancer or ClusterIP services can do a MITM on anything the cluster.   #k8s   #attack


Service Mesh with Envoy
Post covering a working setup of a service mesh architecture using Envoy for both control and data plane.   #k8s   #build


Helping Reach a Zero Trust Network Using an Istio Service Mesh
How to apply Zero Trust principles by locking down a service mesh to only accept traffic from trusted sources.   #k8s   #build


How to choose the right API Gateway auth method
In case you've been wondering how you should protect your API Gateway APIs - API Keys vs AWS IAM vs Cognito vs Lambda authorizer vs Resource Policies?   #aws   #build


What's new in Kubernetes 1.20?
Here is the detailed list of what's new in Kubernetes 1.20.   #k8s   #explain

Tools


ConsoleMe
Netflix released ConsoleMe, a tool that consolidates the management of multiple AWS accounts into a single interface. It allows your end-users and administrators to get credentials for your different accounts, and allows your users/administrators to manage or request cloud permissions.


deepce
Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE).

From the cloud providers


#AWS   AWS announces AWS Audit Manager
AWS Audit Manager is a new service that helps you continuously audit your AWS usage to simplify how you assess risk and compliance with regulations and industry standards. You can also check the announcement blog post.


#AWS   Results of the 2020 AWS Container Security Survey
As in 2019, Amazon conducted an anonymous survey throughout 2020 amongst container users on AWS. The summary of the results as a PDF file as well as the raw results in CSV format are available along with the details on the questions asked.


#AWS   Managing AWS Organizations using the open source org-formation tool
AWS Organizations Formation (org-formation) is an open source and community-supported tool that allows users to manage different aspects of their AWS Organizations through Infrastructure as Code (IaC). This series of posts introduces org-formation and explains how to get started.


#AWS   Enforce your AWS Network Firewall protections at scale with AWS Firewall Manager
How to create, configure, and maintain Network Firewall firewalls with common security policies across appropriate accounts and VPCs in your AWS Organizations structure by leveraging Firewall Manager.


#AWS   AWS Security Hub adds open source tool integrations with Kube-bench and Cloud Custodian
AWS Security Hub can now automatically receive findings from the open source tools Kube-bench and Cloud Custodian.


#GCP   Get to know Workflows, Google Cloud's serverless orchestration engine
Workflows is a fully managed workflow orchestration product running as part of Google Cloud. It's fully serverless and requires no infrastructure management.


#AZURE   Use Azure Active Directory pod-managed identities in Azure Kubernetes Service
Azure Active Directory pod-managed identities uses Kubernetes primitives to associate managed identities for Azure resources and identities in Azure Active Directory (AAD) with pods. Administrators create identities and bindings as Kubernetes primitives that allow pods to access Azure resources that rely on AAD as an identity provider.


#AZURE   How to setup a Canarytoken and receive incident alerts on Azure Sentinel
It is now possible to expand threat detection capabilities in Azure Sentinel using Honey Tokens or Canarytokens.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! ๐Ÿ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
ยฉ 2019-present CloudSecList ยท Marco Lancini