Release Date: 10/01/2021 | Issue: 69
The Cloud Security Reading List is a low volume newsletter (delivered once per week) that highlights security-related news focused on the cloud native landscape, hand curated by Marco Lancini.
🗓 New Year: new additions!
Welcome to the first issue of 2021. As first addition, this issue includes the first article focused on Alibaba Cloud
(which, given its market share, is probably worth getting used to)

This week's articles


Shifting Cloud Security Left - Scanning Infrastructure as Code for Security Issues
#ci/cd, #defend
A comparison of Terraform static analysis tools and tips for integration in CI/CD pipelines.


Lesser Known Techniques for Attacking AWS Environments
#aws, #attack
Scott Piper discusses lesser known attack techniques that he would use in attacking AWS accounts, alongside with a discussion on defenses.


Leaky Serverless Framework
#aws, #defend
Corey Quinn raising an issue by which it seems the Serverless Framework will in some cases copy your API credentials to their own systems and execute things on your behalf.


Using AWS and Azure for Cost Effective Log Ingestion with Data Processing Pipelines for SIEMs
#aws, #azure, #monitor
How to derive significant cost efficiencies in SIEM platform consumption with smart log ingestion utilising pre-processing data pipelines and modern cloud services.


Identity Security Monitoring in Microsoft Cloud Services
#azure, #monitor
Overview about data sources or signals that should be considered for monitoring based on identity-related activities, risk detections, alerts and events across the Microsoft ecosystem.


Azure Security Basics: Log Analytics, Security Center, and Sentinel
#azure, #monitor
Log Analytics, Sentinel, and ATP can produce a complete picture of your Azure authentication border defenses, virtual server happenings, and everything in between them.


What I learned by failing the AZ-500 Microsoft Azure Security Technologies exam
#azure, #explain
A very open "postmortem" on a failed attempt at AZ-500, with some of the key things learned along the way.


GCP .actAs d-day > How not to remediate
#gcp, #defend, #explain
Blog post detailing the .actAs permission, a little ditty on the history of this vulnerability and how to remediate before Google does it for you.


Fixing a Google Vulnerability: GCP Privilege Escalation and Lateral Movement
#gcp, #defend
What does lateral movement look like internally in Google's own infra hosted in GCP? How do security decisions get made at a major cloud provider?


AWS Lambda $LATEST is dangerous
#aws, #build
You should always use function versioning. You should almost always use function aliases, which have a handful of benefits involving metrics in CloudWatch, IAM permissions, traffic-shifting, etc.


Alibaba Cloud Cross Account Trust: The Confused Deputy Problem
#alibaba, #explain
Post exploring Alibaba Cloud's approach to cross account trust and the security implications of their trust model.


Evolving Container Security With Linux User Namespaces
#k8s, #defend
Netflix describes how Titus (their container orchestration system) agents leverage user namespaces to improve the overall security of the Titus agent fleet.

Tools


CrowdStrike Reporting Tool for Azure (CRT)
A tool which helps organizations quickly and easily review excessive permissions in their Azure AD environments, helps determine configuration weaknesses, and provides advice to mitigate risk.


serverlessish
Run the exact same image for websites in Lambda as you do in ECS, Kubernetes, etc.


policy-hub-cli
PolicyHub is a CLI tool that makes Rego policies searchable.


kubernetes-network-policy-recipes
Example recipes for Kubernetes Network Policies that you can just copy paste.


terraform-azurerm-caf-enterprise-scale
This module provides an opinionated approach for delivering the core platform capabilities of enterprise-scale landing zones using Terraform, based on the architecture published in the Cloud Adoption Framework enterprise-scale landing zone architecture.

From the cloud providers


AWS Icon  New IAM condition keys for Amazon S3 limit requests to buckets owned by specific AWS accounts, and to specific TLS versions
New IAM condition keys to limit requests to: Buckets owned by specific AWS accounts, specific TLS versions used by clients.


AWS Icon  AWS Lambda now supports SASL/SCRAM authentication for functions triggered from Amazon MSK
AWS Lambda functions that are triggered from an Amazon Managed Streaming for Apache Kafka (Amazon MSK) topic can now access to usernames and passwords secured by AWS Secrets Manager using SASL/SCRAM.


AWS Icon  Anonymize and manage data in your data lake with Amazon Athena and AWS Lake Formation
How to use Amazon Athena to anonymize a dataset. You can then use AWS Lake Formation to provide the right access to the right personas.


GCP Icon  Searching IAM policies
The Cloud Asset API allows you to use a custom query language to search Identity and Access Management (IAM) policies within a project, folder, or organization.


GCP Icon  Protecting your Kubernetes deployments with Policy Controller
If you are using a Google Cloud managed solution like Anthos or Kubernetes Engine (GKE), you can easily and effectively mitigate CVE-2020-8554, which lets users create objects that could act as a "Man in the Middle" and therefore potentially intercept sensitive data.


GCP Icon  Unlocking the mystery of stronger security key management
What you can do to better encrypt your security keys in Google Cloud.


Azure Icon  New Year - New Official Azure Sentinel PowerShell Module
Based on the Azure SDK for .NET and part of the Azure (Az) module, Microsoft announced the public preview release of the Az.SecurityInsights PowerShell module.


Azure Icon  Cloud-native security operations with Azure Sentinel
Learning path describing basic architecture, core capabilities, and primary use cases of Azure Sentinel, a cloud-native, security information and event management (SIEM) service.


Azure Icon  Protecting Microsoft 365 from on-premises attacks
How to configure your systems to protect your Microsoft 365 cloud environment from on-premises compromise.

Website
Twitter
View this email in your browser © 2019-present
The Cloud Security Reading List by SecurityBite LTD.