Release Date: 13/12/2020 | Issue: 67
The Cloud Security Reading List is a low volume mailing list (once per week) that highlights security-related news focused on the cloud native landscape,
hand curated by Marco Lancini.

This week's articles


A map of AWS security services
#aws, #explain
Given the announcement of AWS Audit Manager, Scott Piper tried to map how AWS security services all connect to one another and where to categorize them.


Applying DevSecOps to your software supply chain
#ci/cd, #defend
GitHub's 2019 State of the Octoverse Report showed that on average, each repository has more than 200 dependencies. The reality of the software supply chain is that you are dependent on code you didn't write, yet the dependencies still require work from you for ongoing upkeep. So where should you get started in implementing security controls?


Security Kill Chain Stages in a 100K+ Daily Container Environment with Falco
#k8s, #defend
Walkthrough of how MathWorks uses Falco to identify activity related to recon, weaponization, delivery, exploitation, installation, and command & control on their 100K+ daily MATLAB containers.


AWS Systems Manager Attack and defense strategies
#aws, #attack
Post covering multiple aspects of Systems Manager and its Documents, and how to protect against and detect techniques leveraging its "Run Command".


How To Protect Sensitive Data in Terraform
#terraform, #build
Tutorial on protecting sensitive data in Terraform, by hiding sensitive data in outputs during execution and storing state in a secure cloud object storage.


Monitoring & securing AWS with Microsoft
#aws, #azure, #defend
An interesting approach: how to set up (advanced) monitoring of AWS with Azure Security Center (CSPM), Azure Defender (CWPP), Cloud App Security (CASB), and Azure Sentinel (SIEM).


Kernel privilege escalation: how Kubernetes container isolation impacts privilege escalation attacks
#k8s, #attack
Post exploring how Kubernetes container isolation impacts privilege escalation attacks, using common kernel exploitation techniques.


Kubernetes man in the middle using LoadBalancer or ExternalIPs (CVE-2020-8554)
#k8s, #attack
Authorized users granted PATCH permission for LoadBalancer or ClusterIP services can perform a MITM on anything in the cluster.


Service Mesh with Envoy
#k8s, #build
Post covering a working setup of a service mesh architecture using Envoy for both control and data plane.


Helping Reach a Zero Trust Network Using an Istio Service Mesh
#k8s, #build
How to apply Zero Trust principles by locking down a service mesh to only accept traffic from trusted sources.


How to choose the right API Gateway auth method
#aws, #build
In case you've been wondering how you should protect your API Gateway APIs: API Keys vs AWS IAM vs Cognito vs Lambda authorizers vs Resource Policies?


What's new in Kubernetes 1.20?
#k8s, #explain
Here is the detailed list of what's new in Kubernetes 1.20.

Tools


ConsoleMe
Netflix released ConsoleMe, a tool that consolidates the management of multiple AWS accounts into a single interface. It allows your end-users and administrators to get credentials for your different accounts, and allows your users/administrators to manage or request cloud permissions.


deepce
Docker Enumeration, Escalation of Privileges and Container Escapes (DEEPCE).

From the cloud providers


AWS announces AWS Audit Manager
AWS Audit Manager is a new service that helps you continuously audit your AWS usage to simplify how you assess risk and compliance with regulations and industry standards. You can also check the announcement blog post.


Results of the 2020 AWS Container Security Survey
As in 2019, Amazon conducted an anonymous survey throughout 2020 amongst container users on AWS. The summary of the results as a PDF file as well as the raw results in CSV format are available along with the details on the questions asked.


Managing AWS Organizations using the open source org-formation tool
AWS Organizations Formation (org-formation) is an open source and community-supported tool that allows users to manage different aspects of their AWS Organizations through Infrastructure as Code (IaC). This series of posts introduces org-formation and explains how to get started.


Enforce your AWS Network Firewall protections at scale with AWS Firewall Manager
How to create, configure, and maintain Network Firewall firewalls with common security policies across appropriate accounts and VPCs in your AWS Organizations structure by leveraging Firewall Manager.


AWS Security Hub adds open source tool integrations with Kube-bench and Cloud Custodian
AWS Security Hub can now automatically receive findings from the open source tools Kube-bench and Cloud Custodian.


Get to know Workflows, Google Cloud's serverless orchestration engine
Workflows is a fully managed workflow orchestration product running as part of Google Cloud. It's fully serverless and requires no infrastructure management.


Use Azure Active Directory pod-managed identities in Azure Kubernetes Service
Azure Active Directory pod-managed identities use Kubernetes primitives to associate managed identities for Azure resources and identities in Azure Active Directory (AAD) with pods. Administrators create identities and bindings as Kubernetes primitives that allow pods to access Azure resources that rely on AAD as an identity provider.


How to set up a Canarytoken and receive incident alerts on Azure Sentinel
It is now possible to expand threat detection capabilities in Azure Sentinel using Honey Tokens or Canarytokens.

Copyright © 2019-present The Cloud Security Reading List.