Release Date: 10/01/2021 | Issue: 69
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, you can sign up on the CloudSecList site.
🗓 New Year: new additions!
Welcome to the first issue of 2021. As a first addition, this issue includes the first article focused on Alibaba Cloud (which, given its market share, is probably worth getting used to).

This week's articles

Shifting Cloud Security Left - Scanning Infrastructure as Code for Security Issues   #ci/cd, #defend
A comparison of Terraform static analysis tools and tips for integration in CI/CD pipelines.

Lesser Known Techniques for Attacking AWS Environments   #aws, #attack
Scott Piper discusses lesser-known attack techniques that he would use when attacking AWS accounts, along with a discussion of defenses.

Leaky Serverless Framework   #aws, #defend
Corey Quinn raises an issue: it seems the Serverless Framework will in some cases copy your API credentials to its own systems and execute things on your behalf.

Using AWS and Azure for Cost Effective Log Ingestion with Data Processing Pipelines for SIEMs   #aws, #azure, #monitor
How to derive significant cost efficiencies in SIEM platform consumption with smart log ingestion utilising pre-processing data pipelines and modern cloud services.

Identity Security Monitoring in Microsoft Cloud Services   #azure, #monitor
An overview of the data sources and signals that should be considered when monitoring identity-related activities, risk detections, alerts, and events across the Microsoft ecosystem.

Azure Security Basics: Log Analytics, Security Center, and Sentinel   #azure, #monitor
Log Analytics, Sentinel, and ATP can produce a complete picture of your Azure authentication border defenses, virtual server happenings, and everything in between them.

What I learned by failing the AZ-500 Microsoft Azure Security Technologies exam   #azure, #explain
A very open "postmortem" on a failed attempt at AZ-500, with some of the key things learned along the way.

GCP .actAs d-day > How not to remediate   #gcp, #defend, #explain
Blog post detailing the .actAs permission, with a little ditty on the history of this vulnerability and how to remediate it before Google does it for you.

Fixing a Google Vulnerability: GCP Privilege Escalation and Lateral Movement   #gcp, #defend
What does lateral movement look like internally in Google's own infra hosted in GCP? How do security decisions get made at a major cloud provider?

AWS Lambda $LATEST is dangerous   #aws, #build
You should always use function versioning. You should almost always use function aliases, which have a handful of benefits involving metrics in CloudWatch, IAM permissions, traffic-shifting, etc.

Alibaba Cloud Cross Account Trust: The Confused Deputy Problem   #alibaba, #explain
Post exploring Alibaba Cloud's approach to cross-account trust and the security implications of its trust model.

Evolving Container Security With Linux User Namespaces   #k8s, #defend
Netflix describes how Titus (their container orchestration system) agents leverage user namespaces to improve the overall security of the Titus agent fleet.

Tools

CrowdStrike Reporting Tool for Azure (CRT)
A tool that helps organizations quickly and easily review excessive permissions in their Azure AD environments, identify configuration weaknesses, and get advice on mitigating risk.

Run the exact same image for websites in Lambda as you do in ECS, Kubernetes, etc.

PolicyHub is a CLI tool that makes Rego policies searchable.

Example recipes for Kubernetes Network Policies that you can just copy paste.

This module provides an opinionated approach for delivering the core platform capabilities of enterprise-scale landing zones using Terraform, based on the architecture published in the Cloud Adoption Framework enterprise-scale landing zone architecture.

From the cloud providers

New IAM condition keys for Amazon S3 limit requests to buckets owned by specific AWS accounts, and to specific TLS versions
New IAM condition keys let you limit S3 requests to buckets owned by specific AWS accounts and to specific TLS versions used by clients.

AWS Lambda now supports SASL/SCRAM authentication for functions triggered from Amazon MSK
AWS Lambda functions triggered from an Amazon Managed Streaming for Apache Kafka (Amazon MSK) topic can now access usernames and passwords secured by AWS Secrets Manager using SASL/SCRAM.

Anonymize and manage data in your data lake with Amazon Athena and AWS Lake Formation
How to use Amazon Athena to anonymize a dataset, and then use AWS Lake Formation to provide the right access to the right personas.

Searching IAM policies
The Cloud Asset API allows you to use a custom query language to search Identity and Access Management (IAM) policies within a project, folder, or organization.

Protecting your Kubernetes deployments with Policy Controller
If you are using a Google Cloud managed solution like Anthos or Kubernetes Engine (GKE), you can easily and effectively mitigate CVE-2020-8554, which lets users create objects that could act as a "Man in the Middle" and therefore potentially intercept sensitive data.

Unlocking the mystery of stronger security key management
What you can do to better encrypt your security keys in Google Cloud.

New Year - New Official Azure Sentinel PowerShell Module
Based on the Azure SDK for .NET and part of the Azure (Az) module, Microsoft announced the public preview release of the Az.SecurityInsights PowerShell module.

Cloud-native security operations with Azure Sentinel
Learning path describing basic architecture, core capabilities, and primary use cases of Azure Sentinel, a cloud-native, security information and event management (SIEM) service.

Protecting Microsoft 365 from on-premises attacks
How to configure your systems to protect your Microsoft 365 cloud environment from on-premises compromise.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

© 2019-present, CloudSecList by Marco Lancini.