Release Date: 17/01/2021 | Issue: 70
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.


This week's articles

AWS Security Maturity Roadmap 2021   #aws, #defend
Scott Piper's third annual release of his "AWS Security Maturity Roadmap" to give companies a series of actionable steps to improve the security of their AWS environments.

Auditing PassRole: A Problematic Privilege Escalation Permission   #aws, #attack
The PassRole permission requirement is ubiquitous. It extends to more than 300 actions in more than 90 services and, in some cases, is obscured by parameters that indirectly contain the role being passed. Comprehensively auditing it can be a handful but is absolutely worth it as not doing so means leaving relatively easy avenues for privilege escalation wide open.

How to Enable Logging on Every AWS Service in Existence (Circa 2021)   #aws, #monitor
Cloud security best practices, as well as most compliance programs, require that logging be enabled for all in-scope services. However, that simple requirement - enable logging - comes with many follow-up questions. Is CloudTrail enough? How do I turn on logging for all these services? Aren't logs collected by default? What. even. is. a. log?

What You Need to Know About AWS Security Monitoring, Logging, and Alerting   #aws, #monitor
Post laying out the different AWS security monitoring and logging sources, how to collect logs from them, and how to select the most appropriate collection technique.

Overview of AWS Logs   #aws, #monitor, #explain
Post listing all main AWS service logging sources, with a summary table, format, example, and a Grok regex to parse the logs and ingest them into a tool like Elastic Stack (ELK).

Abusing cloud services to fly under the radar   #gcp, #azure, #attack
NCC Group and Fox-IT have been tracking a threat group with a wide set of interests, from intellectual property (IP) from victims in the semiconductors industry through to data from the airline industry. In their intrusions they regularly abuse cloud services from Google and Microsoft to achieve their goals.

Simplify Kubernetes Resource Access Control using RBAC Impersonation   #k8s, #explain
Kubernetes RBAC includes a special "impersonate" verb that can be used to allow Subjects to acquire another Kubernetes User or Group identity.

Building an IaC security and governance program step-by-step   #iac, #explain
Technical process for approaching and building an internal IaC security strategy, which meets goals without slowing your developers down.

Announcing HCP Vault Public Beta   #vault, #announcement
HashiCorp announced the public beta for Vault running on the HashiCorp Cloud Platform (HCP). With this setup, HashiCorp will handle infrastructure, backups, upgrades, etc.

When the Levee Breaks: Protecting Vault Against Advanced Adversaries and Internal Threats   #vault, #explain
The cryptography and key management protecting HashiCorp Vault secrets is designed to stand up to concerted attacks from well-resourced, skilled adversaries. Here's how it works.

Sysdig 2021 container security and usage report: Shifting left is not enough   #docker
The fourth annual Sysdig container security and usage report looks at how global Sysdig customers of all sizes and industries are using and securing container environments.

Top Ten Security Updates from AWS re:Invent 2020   #aws
AWS re:Invent ran for three weeks last year. It is more important than ever to help everyone by summarizing AWS' biggest security announcements.

Exploring Rootless Docker   #docker, #build
With the release of Docker 20.10, the rootless containers feature has left experimental status. This post explores setup and usability of rootless Docker.


AWS Config Conformance Pack Repository
A collection of AWS Config Conformance Packs. A conformance pack is a collection of AWS Config rules and remediation actions that can be easily deployed as a single entity in an AWS account and a region.

Applied Purple Teaming Lab Build on Azure with Terraform (Windows DC, Member, and HELK!)
Ubuntu base OS, install AZCLI, unpack terraform, gather auth tokens, run script, enjoy new domain.

From the cloud providers

AWS: How to secure your Amazon WorkSpaces for external users
Some key security controls that you can use to architect your Amazon WorkSpaces environment to provide external users access to your corporate applications and data in a way that satisfies your unique security and compliance objectives.

AWS: Combining encryption and signing with AWS KMS asymmetric keys
How to use AWS Key Management Service (KMS) to combine asymmetric digital signature and asymmetric encryption of the same data.

AWS: Compliance-as-code and auto-remediation with Cloud Custodian
How to enable nearly continuous compliance with Cloud Custodian and AWS Lambda.

AWS: Simplifying cross-account access with Amazon EventBridge resource policies
How to use EventBridge resource policies to publish events and create rules on event buses in another account.

GCP: 4 best practices for ensuring privacy and security of your data in Cloud Storage
Beyond the fundamentals, Cloud Storage offers several security features, such as uniform bucket-level access, service account HMAC keys, IAM conditions, Delegation tokens, and V4 signatures.

Azure: Handling ingestion delay in Azure Sentinel scheduled alert rules
Addressing the delay challenge: understanding the impact of the ingestion delay and how to fix it.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate it if you could forward it to your friends and colleagues! 👌

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

© 2019-present, CloudSecList by Marco Lancini.