A (now fixed) privilege escalation that allowed an Azure AD user to escalate from the Log Analytics Contributor role to a full Subscription Contributor role.

A vulnerability in the AWS WorkSpaces desktop client (CVE-2021-38112), which allows commands to be executed if a victim opens a malicious WorkSpaces URI from their browser.

As an attacker, Serverless environments are a very different target when compared with their traditional server-based counterparts. Even gaining remote code execution, which would normally spur a race to escalate privileges, has a very different connotation.

Understanding the iam:PassRole permission is key to not only getting your applications working in AWS, but also doing it securely.

How to implement group-based authorization with AppSync Lambda authoriser, which makes it easier to integrate with 3rd party identity services when you're building a multi-tenant system.

This article is focused on the security risks involved in a cloud migration, and provides a compilation of common security anti-patterns and best practices for architects only familiar with traditional on-premise data centers to follow.

k8s-lab-plz is a modular Kubernetes lab which provides an easy and streamlined way to deploy a test cluster with support for different components.

Post talking about the importance of supply chain security and how to implement container image trust in Docker and Kubernetes using Notary.

How to apply common security principles and what tool to choose to prevent attacks on your Docker containers and Kubernetes clusters.

Distroless builds have achieved SLSA 2. SLSA is a security framework for increasing supply chain security, and Level 2 ensures that the build service is tamper resistant.

Sidecar for managing OPA on top of Kubernetes.

GitOops is a tool to help attackers and defenders identify lateral movement and privilege escalation paths in GitHub organizations by abusing CI/CD pipelines and GitHub access controls.

GitHub Action for authenticating to Google Cloud with GitHub Actions OIDC tokens and Workload Identity Federation.

I've completely overhauled the DevOps section of CloudSecDocs, among other little tweaks in other sections. Go check it out!

How to use Incident Manager, a capability of AWS Systems Manager, to build an effective automated incident management and response solution to security events.

You can connect any Kubernetes cluster, including Amazon EKS Anywhere clusters running on-premises, self-managed clusters on EC2, and other clusters running outside of AWS.

New Amazon Detective capabilities help security analysts easily investigate unusual activities on their S3 buckets and deep dive on findings related to low-reputation domain names.

You can create an AWS Lambda function and then trigger that function during user pool operations such as user sign-up, confirmation, and sign-in (authentication) with a Lambda trigger. You can add authentication challenges, migrate users, and customize verification messages.

Google added extensions to Cloud Storage, and introducing two new services, Filestore Enterprise, and Backup for Google Kubernetes Engine (GKE). Together, these new capabilities will make it easier for you to protect your data out-of-the box, across a wide variety of applications and use cases.

Article which compares & contrasts 5 mechanisms for cultivating network signal telemetry for forensics, security analytics, advanced threat detection, and hunting.

Google announced the Preview for Backup for GKE, a simple, cloud-native way for you to protect, manage, and restore your containerized applications and data. With Backup for GKE, you can more easily meet your service-level objectives, automate common backup and recovery tasks, and show reporting for compliance and audit purposes.

Google announced Google Cloud Deploy, a managed, opinionated continuous delivery service that makes continuous delivery to GKE easier, faster, and more reliable.

Private network access for Azure control plane APIs, now in public preview, allows for all calls to Azure APIs happen inside your private network and never on the public internet.

Some tips about current attacks in the wild, agents and software involved, indicators for defenders to look for on host machines, and new detections in Azure Sentinel.

How to optimize Audit Logging within Azure DevOps, by enabling the new, currently in public preview, ADO Audit Stream.