Release Date: 23/05/2021 | Issue: 88
The Cloud Security Reading List is a low volume newsletter (delivered once per week) that highlights security-related news focused on the cloud native landscape, hand curated by Marco Lancini.
Sponsor

Between Nov 2020 to Feb 2021, over 5232 CVEs were reported on NIST
That's a lot of vulnerabilities continually disclosed, and the velocity at which vulnerabilities (especially web) are discovered is faster today. How do you go about determining which ones of these will affect your tech stack? This demands security practitioners to find security practices in a scalable and sustainable way.
Learn how modern and security-mature SaaS leaders approach security with speed, scale and collaboration [E-book available].

This week's articles


🧩 On Establishing a Cloud Security Program 🧩
#strategy, #defend
Some actionable advice that can be undertaken to establish a cloud security program aimed at protecting a cloud native, service provider agnostic, container-based, offering. And the roadmap template can be found at: roadmap.cloudsecdocs.com.


CNCF Paper Defines Best Practices for Supply Chain Security
#defend
CNCF announced a new paper, Software Supply Chain Security Best Practices, designed to provide a holistic approach to supply chain security by highlighting the importance of layered defensive practices.


Revealing the secrets of Kubernetes secrets
#kubernetes, #explain
The protection layers Kubernetes offers to protect Secrets in your cluster.


PCI DSS compliance in Kubernetes-based platforms
#kubernetes, #defend
Kubernetes alone does not help achieve PCI DSS compliance. This article covers the 12 requirements of how fintech businesses can make it more compliant.


Detecting Obfuscated Attacker IPs in AWS
#aws, #monitor
A new obfuscation technique using AWS VPC features: attackers could change the IP address written to AWS CloudTrail logs.


The Need to Protect Public AWS SSM Documents
#aws, #attack
Check Point researchers detected several SSM (Systems Manager) documents that led to the discovery of over five million Personally Identifiable Information (PII) records and credit card transactions for several companies.


Modern Bastion Hosts
#aws, #build
In the modern world of networking, where do bastion hosts fit in? Even in a perfect world of Zero Trust with extremely robust user and device identity based authentication, it would still be risky to have all of your infrastructure publicly accessible.


How to deploy Sysmon and MMA Agent to receive logs in Azure Sentinel?
#azure, #build
How to deploy Sysmon on endpoints and how to push logs to Azure Sentinel.


Learn Secure Access Management with Boundary
#boundary, #explain
The Getting Started collection on HashiCorp Learn provides a jump-start for installing and running Boundary in a dev environment and getting a sense for how Boundary enables access based on user identity.

Tools


iamlive-lambda-extension
iamlive as a Lambda extension to help you quickly achieve least privilege with your deployed Lambda functions.


aws-assume-role-lib
Assumed role session chaining (with credential refreshing) for boto3.


kube-secret-syncer
A Kubernetes operator to sync secrets from AWS Secrets Manager.


kURL
Production-grade, airgapped Kubernetes installer combining upstream k8s with overlays and popular components.


plumber
plumber is a CLI devtool for inspecting, piping, massaging and redirecting data in message systems like Kafka, RabbitMQ , GCP PubSub and many more.


outdated
Kubectl plugin to find and report outdated images running in a Kubernetes cluster.

From the cloud providers


AWS Icon  Introducing AWS CloudFormation Guard 2.0
Guard is a simple, open-source way for you to define constraints (e.g. is volume encrypted). With 2.0, AWS added a number of features to make it much easier to write guard rules -- better validation and testing, more concise and simple rules, a new IN operator, filtering, named rules, and making guard more general purpose (e.g. can be run on Terraform and Kubernetes configurations as well).


AWS Icon  AWS App Runner: From Code to a Scalable, Secure Web Application in Minutes
AWS App Runner makes it easier to deploy web apps and APIs to the cloud, regardless of the language they are written in. It has AWS operational and security best practices built-it and automatically scale up or down.


AWS Icon  Fast and Secure Account Governance with Customizations for AWS Control Tower
How to customize your landing zone to align with your business needs using an AWS Solution called Customizations for AWS Control Tower.


AWS Icon  How to verify AWS KMS signatures in decoupled architectures at scale
A delegated authorization use case, to illustrate how to use KMS to sign the data, while the verification is performed in independent, distributed environments.


AWS Icon  Amazon Macie supports criteria-based bucket selection for sensitive data discovery jobs
Amazon Macie now allows you to define a run-time criteria to determine which S3 buckets should be included in a sensitive data discovery job.


GCP Icon  Export Google Cloud security data to your SIEM system
How to deploy a unified export pipeline that uses Cloud Pub/Sub and Dataflow to aggregate and stream logs from Cloud Logging, security findings from Security Command Center, and asset changes from Cloud Asset Inventory.


GCP Icon  Eliminate firewall misconfigurations with Firewall Insights
Firewall Insights creates visibility into your firewall rule set by providing a single console for managing Google Cloud network visibility, monitoring and troubleshooting.


GCP Icon  OS configuration management (preview)
Google introduced OS configuration management, which uses OS policies to automate and centralize the deployment, configuration, maintenance, and reporting of software configurations on your virtual machine (VM) instances.


GCP Icon  Arming Google Workspace users and admins with advanced counter-abuse and threat-analysis capabilities
Google added new security capabilities into Google Workspace, including Alert Center enrichment with VirusTotal threat context, restricted access to resources, and user blocking in Drive.

Thanks for reading!

If you found this newsletter useful and interesting, and know other people who would too, I'd really appreciate if you'd forward it to them πŸ™

If you have questions, comments, or feedback, just reply to this email orΒ let me know on Twitter @lancinimarco!

Thanks,
Marco
Forward Forward
Twitter Tweet
Share Share
Website
Twitter
View this email in your browser Β© 2019-present
The Cloud Security Reading List by SecurityBite LTD.