Release Date: 10/01/2021 | Issue: 69
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.
📅 New Year: new additions!
Welcome to the first issue of 2021. As a first addition, this issue includes the first article focused on Alibaba Cloud
(which, given its market share, is probably worth getting used to).

This week's articles


Shifting Cloud Security Left - Scanning Infrastructure as Code for Security Issues
A comparison of Terraform static analysis tools and tips for integration in CI/CD pipelines.   #ci/cd   #defend


Lesser Known Techniques for Attacking AWS Environments
Scott Piper discusses lesser known attack techniques that he would use when attacking AWS accounts, along with a discussion of defenses.   #aws   #attack


Leaky Serverless Framework
Corey Quinn raises an issue: it seems the Serverless Framework will, in some cases, copy your API credentials to its own systems and execute things on your behalf.   #aws   #defend


Using AWS and Azure for Cost Effective Log Ingestion with Data Processing Pipelines for SIEMs
How to derive significant cost efficiencies in SIEM platform consumption with smart log ingestion utilising pre-processing data pipelines and modern cloud services.   #aws   #azure   #monitor


Identity Security Monitoring in Microsoft Cloud Services
An overview of the data sources and signals that should be considered for monitoring identity-related activities, risk detections, alerts, and events across the Microsoft ecosystem.   #azure   #monitor


Azure Security Basics: Log Analytics, Security Center, and Sentinel
Log Analytics, Sentinel, and ATP can produce a complete picture of your Azure authentication border defenses, virtual server happenings, and everything in between them.   #azure   #monitor


What I learned by failing the AZ-500 Microsoft Azure Security Technologies exam
A very open "postmortem" on a failed attempt at AZ-500, with some of the key things learned along the way.   #azure   #explain


GCP .actAs d-day > How not to remediate
Blog post detailing the iam.serviceAccounts.actAs permission, with a short history of this vulnerability and how to remediate it before Google does it for you.   #gcp   #defend   #explain


Fixing a Google Vulnerability: GCP Privilege Escalation and Lateral Movement
What does lateral movement look like internally in Google's own infra hosted in GCP? How do security decisions get made at a major cloud provider?   #gcp   #defend


AWS Lambda $LATEST is dangerous
You should always use function versioning. You should almost always use function aliases, which have a handful of benefits involving metrics in CloudWatch, IAM permissions, traffic-shifting, etc.   #aws   #build


Alibaba Cloud Cross Account Trust: The Confused Deputy Problem
Post exploring Alibaba Cloud's approach to cross account trust and the security implications of their trust model.   #alibaba   #explain


Evolving Container Security With Linux User Namespaces
Netflix describes how Titus (their container orchestration system) agents leverage user namespaces to improve the overall security of the Titus agent fleet.   #k8s   #defend

Tools


CrowdStrike Reporting Tool for Azure (CRT)
A tool which helps organizations quickly and easily review excessive permissions in their Azure AD environments, helps determine configuration weaknesses, and provides advice to mitigate risk.


serverlessish
Run the exact same image for websites in Lambda as you do in ECS, Kubernetes, etc.


policy-hub-cli
PolicyHub is a CLI tool that makes Rego policies searchable.


kubernetes-network-policy-recipes
Example recipes for Kubernetes Network Policies that you can just copy paste.


terraform-azurerm-caf-enterprise-scale
This module provides an opinionated approach for delivering the core platform capabilities of enterprise-scale landing zones using Terraform, based on the architecture published in the Cloud Adoption Framework enterprise-scale landing zone architecture.

From the cloud providers


#AWS   New IAM condition keys for Amazon S3 limit requests to buckets owned by specific AWS accounts, and to specific TLS versions
New IAM condition keys let you limit requests to buckets owned by specific AWS accounts (s3:ResourceAccount) and to specific TLS versions used by clients (s3:TlsVersion).
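To see what these two keys actually buy you, here is an added example (written for this issue, not AWS code): a toy evaluator for a deny-overrides identity-based or VPC endpoint policy that uses s3:ResourceAccount to block writes to buckets outside your own account (a common exfiltration path) and s3:TlsVersion to block pre-1.2 TLS. The account IDs, bucket names and requests are constructed, and the evaluator only implements the operators the policy uses.

```python
"""Added example: how the s3:ResourceAccount and s3:TlsVersion condition keys
behave inside Deny statements.  This is a toy IAM evaluator written for this
newsletter, not AWS code; it supports only the operators used below, and the
account IDs, bucket names and requests are constructed for illustration."""
import json
from fnmatch import fnmatchcase

OUR_ACCOUNT = "111111111111"  # constructed account ID

# Identity-based / VPC endpoint style policy (Resource "*"): allow S3 reads and
# writes, but deny anything touching a bucket outside OUR_ACCOUNT and anything
# that arrives over TLS older than 1.2.
POLICY = json.loads("""
{
  "Version": "2012-10-17",
  "Statement": [
    {"Sid": "AllowS3", "Effect": "Allow",
     "Action": ["s3:GetObject", "s3:PutObject", "s3:ListBucket"],
     "Resource": "*"},
    {"Sid": "DenyBucketsOutsideOurAccount", "Effect": "Deny",
     "Action": "s3:*", "Resource": "*",
     "Condition": {"StringNotEquals": {"s3:ResourceAccount": "%s"}}},
    {"Sid": "DenyOldTls", "Effect": "Deny",
     "Action": "s3:*", "Resource": "*",
     "Condition": {"NumericLessThan": {"s3:TlsVersion": "1.2"}}}
  ]
}
""" % OUR_ACCOUNT)

NEGATED_OPERATORS = {"StringNotEquals"}  # match when the key is absent


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _matches_any(patterns, value):
    # IAM Action/Resource use glob-style wildcards ("s3:*").
    return any(fnmatchcase(value, p) for p in _as_list(patterns))


def _condition_matches(condition, ctx):
    for operator, pairs in condition.items():
        for key, expected in pairs.items():
            actual = ctx.get(key)
            if actual is None:
                # IAM: negated operators evaluate to true when the key is
                # missing from the request context; positive ones to false.
                if operator in NEGATED_OPERATORS:
                    continue
                return False
            if operator == "StringEquals" and actual not in _as_list(expected):
                return False
            if operator == "StringNotEquals" and actual in _as_list(expected):
                return False
            if operator == "NumericLessThan" and not float(actual) < float(expected):
                return False
            if operator not in ("StringEquals", "StringNotEquals", "NumericLessThan"):
                raise ValueError(f"unsupported operator {operator}")
    return True


def evaluate(policy, action, resource, ctx):
    """Deny-overrides evaluation: any matching Deny wins, then Allow, else
    implicit deny.  Returns 'Allow', 'ImplicitDeny' or 'Deny (<Sid>)'."""
    decision = "ImplicitDeny"
    for st in policy["Statement"]:
        if not _matches_any(st["Action"], action):
            continue
        if not _matches_any(st["Resource"], resource):
            continue
        if "Condition" in st and not _condition_matches(st["Condition"], ctx):
            continue
        if st["Effect"] == "Deny":
            return f"Deny ({st['Sid']})"
        decision = "Allow"
    return decision


# Constructed requests: (description, action, resource ARN, request context).
REQUESTS = [
    ("read own bucket over TLS 1.2", "s3:GetObject", "arn:aws:s3:::our-data/report.csv",
     {"s3:ResourceAccount": OUR_ACCOUNT, "s3:TlsVersion": "1.2"}),
    ("exfil to a bucket owned by another account", "s3:PutObject",
     "arn:aws:s3:::attacker-dropbox/report.csv",
     {"s3:ResourceAccount": "222222222222", "s3:TlsVersion": "1.2"}),
    ("read own bucket over TLS 1.0", "s3:GetObject", "arn:aws:s3:::our-data/report.csv",
     {"s3:ResourceAccount": OUR_ACCOUNT, "s3:TlsVersion": "1.0"}),
    ("read own bucket over TLS 1.3", "s3:GetObject", "arn:aws:s3:::our-data/report.csv",
     {"s3:ResourceAccount": OUR_ACCOUNT, "s3:TlsVersion": "1.3"}),
    ("action not in the allow list", "s3:DeleteBucket", "arn:aws:s3:::our-data",
     {"s3:ResourceAccount": OUR_ACCOUNT, "s3:TlsVersion": "1.2"}),
]


def run_examples(policy=POLICY):
    return {desc: evaluate(policy, a, r, ctx) for desc, a, r, ctx in REQUESTS}


if __name__ == "__main__":
    for desc, decision in run_examples().items():
        print(f"{decision:<36} {desc}")
```

The practical point is the second request: a principal with broad s3:PutObject rights can normally push data into any bucket in any account, and s3:ResourceAccount is the first condition key that lets an identity policy, SCP or VPC endpoint policy shut that down without enumerating bucket ARNs. Note also the missing-key behaviour of StringNotEquals, which is what makes the deny safe to apply broadly.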


#AWS   AWS Lambda now supports SASL/SCRAM authentication for functions triggered from Amazon MSK
AWS Lambda functions that are triggered from an Amazon Managed Streaming for Apache Kafka (Amazon MSK) topic can now authenticate to the cluster with usernames and passwords stored in AWS Secrets Manager, using SASL/SCRAM.


#AWS   Anonymize and manage data in your data lake with Amazon Athena and AWS Lake Formation
How to use Amazon Athena to anonymize a dataset. You can then use AWS Lake Formation to provide the right access to the right personas.


#GCP   Searching IAM policies
The Cloud Asset API allows you to use a custom query language to search Identity and Access Management (IAM) policies within a project, folder, or organization.


#GCP   Protecting your Kubernetes deployments with Policy Controller
If you are using a Google Cloud managed solution like Anthos or Kubernetes Engine (GKE), you can easily and effectively mitigate CVE-2020-8554, which lets users create objects that could act as a "Man in the Middle" and therefore potentially intercept sensitive data.


#GCP   Unlocking the mystery of stronger security key management
What you can do to better encrypt your security keys in Google Cloud.


#AZURE   New Year - New Official Azure Sentinel PowerShell Module
Based on the Azure SDK for .NET and part of the Azure (Az) module, Microsoft announced the public preview release of the Az.SecurityInsights PowerShell module.


#AZURE   Cloud-native security operations with Azure Sentinel
Learning path describing basic architecture, core capabilities, and primary use cases of Azure Sentinel, a cloud-native, security information and event management (SIEM) service.


#AZURE   Protecting Microsoft 365 from on-premises attacks
How to configure your systems to protect your Microsoft 365 cloud environment from on-premises compromise.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at feedback.cloudseclist.com!

Thanks,
Marco
© 2019-present CloudSecList · Marco Lancini