Release Date: 21/02/2021 | Issue: 75
The Cloud Security Reading List is a low volume newsletter (delivered once per week) that highlights security-related news focused on the cloud native landscape, hand curated by Marco Lancini.
Sponsor

✨ All-in-one cloud security with Bridgecrew ✨
Bridgecrew delivers comprehensive security from commit to cloud. Powered by security-as-code, Bridgecrew gives you instant visibility into your cloud security posture and equips you with automated remediation. By embedding security earlier in the development lifecycle, we enable teams to secure their infrastructure without slowing them down. Start codifying your cloud security with Bridgecrew for free!

This week's articles


3 Ways to Mitigate Risk When Using Private Package Feeds
#ci/cd, #defend
Microsoft whitepaper on best practices for reducing the risk of package substitution attacks when using private package feeds.


Docker image history modification - why you can't trust docker history
#docker, #defend
How to modify the embedded "history" of a Docker image, and why it can't be used to secure your image supply chain.


Building Secure AWS AMIs: Building hardened CentOS AMIs from scratch
#aws, #build
How to set up the infrastructure required to create EC2 AMIs from scratch, how to use the example hardening scripts for CentOS, and how to validate the result with Amazon Inspector.


Case of the doppelganger AWS account
#aws, #explain
Under special circumstances, two AWS accounts could share the same root email address, but it is not a security problem and will probably never happen to you.


Normalizing AWS IAM Policies for Automation
#aws, #defend
How normalizing the AWS IAM policy syntax makes it possible to analyze IAM policies with SQL.


Access to Glassdoor's Infra (AWS) and BitBucket account through leaked repo
#aws, #attack
AWS credentials associated with a Glassdoor employee were exposed via a publicly accessible repository. These keys gave access to a particular AWS account used for big data workloads.


AAD & M365 kill chain
#azure, #attack
The Azure AD and Microsoft 365 kill chain is a collection of recon techniques and hacking tools.


Runtime security in Azure Kubernetes Service
#azure, #k8s, #defend
How to secure containers on Microsoft Azure Kubernetes Service (AKS) with open source Falco.


Keep it secret. Keep it ... safe?
#aws, #defend
Another experiment aiming to verify what happens after you accidentally leak secrets to a public code repository.


How to use Docker Security Scan Locally
#docker, #build
Docker and Snyk recently entered into a partnership to provide container vulnerability scanning to official images on Docker Hub. Additionally, Docker has integrated scanning directly into Docker for Desktop clients.

Tools


streamalert
StreamAlert is a serverless, real-time data analysis framework which empowers you to ingest, analyze, and alert on data from any environment, using data sources and alerting logic you define.


howtheysre
A curated collection of publicly available resources on how technology and tech-savvy organizations around the world practice Site Reliability Engineering (SRE).


awesome-falco
A curated list of Falco related tools, frameworks and articles.


skan
sKan is a scanner for Kubernetes configuration files and resources that enables developers and DevOps team members to check whether their work complies with security and operational best practices.


secrets-store-csi-driver
Secrets Store CSI driver for Kubernetes secrets - Integrates secrets stores with Kubernetes via a Container Storage Interface (CSI) volume.

From the cloud providers


AWS: Introducing Amazon VPC Endpoints for AWS CloudHSM
You can now access AWS CloudHSM service APIs from your VPC using VPC endpoints, which provide connectivity to CloudHSM without requiring an internet gateway or a NAT instance.


AWS: Introducing OIDC identity provider authentication for Amazon EKS
AWS introduced user authentication for EKS clusters from an OpenID Connect (OIDC) Identity Provider (IDP). The OIDC IDP can be used as an alternative to, or alongside, AWS Identity and Access Management (IAM).


AWS: IAM Tutorial: Delegate access across AWS accounts using IAM roles
How to use an IAM role to delegate access to resources in different AWS accounts that you own.


AWS: Use tags to manage and secure access to additional types of IAM resources
AWS IAM now enables administrators to use tags to manage and secure access to more types of IAM resources, such as customer managed IAM policies, Security Assertion Markup Language (SAML) providers, and virtual MFA devices.


GCP: Discover and invoke services across clusters with GKE multi-cluster services
Google announced the general availability of multi-cluster services (MCS), a Kubernetes-native cross-cluster service discovery and invocation mechanism for GKE. MCS extends the reach of the Kubernetes Service primitive beyond the cluster boundary, so you can easily build Kubernetes applications that span multiple clusters.


GCP: New private cloud networking whitepaper for Google Cloud VMware Engine
A new whitepaper, "Private cloud networking for Google Cloud VMware Engine", discussing the various connectivity options available in VMware Engine, with detailed explanations of traffic flows, optimization options and architectural design considerations.


GCP: New whitepaper: CISO's guide to Cloud Security Transformation
Google's whitepaper sharing its thinking on how best to approach a security transformation, based on its experience working with Google Cloud customers, their CISOs, and their teams.


Azure: Categorizing Microsoft alerts across data sources in Azure Sentinel
A reference to understand how Microsoft security solutions can be grouped into categories.

© 2019-present The Cloud Security Reading List by SecurityBite LTD.