Release Date: 13/06/2021 | Issue: 91
CloudSecList is a newsletter for busy professionals who want to keep up to date with the cloud security industry. Hand-curated by Marco Lancini.

If you received it, you either subscribed or someone forwarded it to you. If you fit in the latter camp and want to subscribe, then you can click on this button:
Sign Up

The buyer's guide to next gen CSPM
With a significant increase in reliance on cloud and a shift to Infrastructure as Code (IaC), it's easy to see why existing CSPM solutions must evolve to keep pace. Download this report to be able to programmatically detect and resolve misconfigurations in IaC during development, as well as monitor infrastructure configurations in runtime and assess risk from configuration changes.

This week's articles

How Netflix uses eBPF flow logs at scale for network insight   #monitor
Netflix has developed a network observability sidecar called Flow Exporter that uses eBPF tracepoints to capture TCP flows at near real time.

Phishing for AWS credentials via AWS SSO device code authentication   #aws, #attack
AWS SSO is vulnerable by design to device code authentication phishing, providing a powerful phishing vector for attackers.

Retrieving AWS security credentials from the AWS console   #aws, #attack
How to retrieve AWS security credentials (AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY and AWS_SESSION_TOKEN) when authenticated in the AWS Console.

Top ten AWS identity health checks to improve security in the cloud   #aws, #defend
Ten recommended AWS identity health checks which can help you understand your IAM health, prioritize improvements to your IAM implementation, and operationalize effective access management processes.

Protecting sensitive data at Gusto with HAPII   #defend
Post outlining the design of HAPII (the Hardened PII store), and how Gusto leveraged it to improve data handling practices in their systems.

The vulnerability remediation lifecycle of Alpine containers   #docker, #defend
Post outlining all the moving pieces that exist in Alpine's remediation lifecycle, beginning from discovery of the vulnerability, to disclosure to Alpine, to user remediation.

A Census of Kubernetes Clusters   #kubernetes, #attack
It's quite easy to fingerprint Kubernetes clusters on the Internet, either via distinctive TLS certificates, or exposed API endpoints.

Siloscape: First Known Malware Targeting Windows Containers to Compromise Cloud Environments   #docker, #attack
The main purpose of Siloscape is to open a backdoor into poorly configured Kubernetes clusters in order to run malicious containers.

Announcing HashiCorp Terraform 1.0 General Availability   #announcement, #terraform
Terraform 1.0 (now GA) marks a major milestone for interoperability, ease of upgrades, and maintenance for your automation workflows.

Introducing the Open Source Insights Project   #announcement, #supply-chain
Google shared an exploratory visualization site: Open Source Insights, which provides an interactive view of the dependencies of open source projects.


Kubernetes External Secrets allows you to use external secret management systems, like AWS Secrets Manager or HashiCorp Vault, to securely add secrets in Kubernetes.

Kubernetes controller that automatically manages AWS IAM roles for ServiceAccounts.

Patrolaroid snapshots AWS instances and buckets to uncover malware, backdoors, cryptominers, toolkits, and other attacker tomfoolery that you probably don't want in your environment.


AWS Visibility & Enforcement
A collection of tools useful to provide visibility into, and enforcement of security practices across AWS accounts.

Sponsor CloudSecList

If you want to get yourΒ productΒ or job ad in front of thousands of security professionals, ranging from engineers to CISOs and VCs, at companies ranging from small start-ups to Fortune500 and FAANG, you can reach out at
πŸ“¨ [email protected] πŸ“¨

From the cloud providers

AWS Icon  How to implement SaaS tenant isolation with ABAC and AWS IAM
Detailed examples of how you can use ABAC in IAM to implement tenant isolation in a multi-tenant environment.

AWS Icon  Policy-based countermeasures for Kubernetes
Part 1 in a two part series discussing different policy-as-code solutions.

AWS Icon  Creating a notification workflow from sensitive data discover with Amazon Macie, Amazon EventBridge, AWS Lambda, and Slack
How to deploy a solution that uses Amazon Macie to discover sensitive data. This solution enables you to set up automatic notification to your company's designated data protection team via a Slack channel when sensitive data that needs to be protected is discovered.

GCP Icon  New Cloud Asset Inventory capabilities help assess your Google Cloud environment
Cloud Asset Inventory gets four new capabilities that help understand your environment more clearly and easily: a new user interface, asset discovery and Datadog integration, answer "who can access what resources?", and create asset posture visibility.

GCP Icon  Multi-Project Cloud Monitoring made easier
Google is providing more flexibility in Cloud Monitoring by replacing Workspaces with Metrics Scopes. Metrics Scopes handle all of the same operational tasks as the previous construct, and you can associate a project with multiple Metrics Scopes.

GCP Icon  Zero-trust managed security for services with Traffic Director
By integrating Traffic Director with CA Service, you can manage certificates for apps running on Google Kubernetes Engine.

Azure Icon  New policies to restrict personal access token scope and lifespan
Microsoft added a new set of policies which can be used to restrict the scope and lifespan of your company's Azure DevOps personal access tokens (PATs).

Azure Icon  What's new: customize entity page timeline
Azure Sentinel's User and Entity Behavior Analytics provide various capabilities, from resolving different user identifiers into one user account, enriching the data, triggering anomalies, and providing entity pages for the SecOps analyst to support the investigation.

Azure Icon  Detect credential leaks using built-in Azure Sentinel notebooks
Walk through of three Azure Sentinel notebooks that can scan logs across your entire Azure Sentinel workspace, Azure Blog storage, and Azure Data Explorer environment to detect credential leaks.

Thanks for reading!

If you found this newsletter helpful, I'd really appreciate if you could forward it to your friends and colleagues! πŸ‘Œ

If you have questions, comments, or feedback, let me know on Twitter (@lancinimarco / @CloudSecList), or at!

Forward Forward
Twitter Tweet
Share Share

How did you like this issue of CloudSecList?

1       2       3       4       5

Archives View in browser Sponsorship
Β© 2019-present, CloudSecList by Marco Lancini.