This is the full story of the Azure ChaosDB Vulnerability that was discovered and disclosed by the Wiz Research Team, where they were able to gain complete unrestricted access to the databases of several thousand Microsoft Azure customers.

Most of Azure services require some form of authentication for access. However, there are a few exceptions that allows the configuration of unauthenticated and unauthorized access. The most common ones are the Azure Blob Container and the Azure Container registry.

An overview of Google Cloud VPC network peerings, their anatomy, major misconceptions, and some watchpoints, so that users can learn how to use them wisely, while designing their infrastructures.

A background on what logging in Kubernetes looks like, followed by novel detection rules created around how privilege escalation is achieved within a Kubernetes cluster.

Learn about scalable logging patterns for your production Kubernetes clusters.

A 5-step journey to achieve continuous compliance without sacrificing speed.

A new way of signing container images without needing to manage signing keys, including a demo of how easy it is to get started signing on Amazon EKS thanks to cosign.

Post talking about the need of using Distroless container images and Cosign for safer production deployments.

The engagement uncovered a privilege escalation vulnerability in Flux that could enable users to gain cluster admin privileges. The issue has been fixed and is assigned CVE 2021-41254. You can also take a look at the full report.

The new variable sets in HashiCorp Terraform Cloud enable capabilities that help simplify use cases such as credential management, disaster recovery, tagging, and cost reduction.

No need for IAM users when we have Yubikeys.

GitHub App that enforces the Developer Certificate of Origin (DCO) on Pull Requests.

A Prometheus metrics exporter for AWS that fills in gaps CloudWatch doesn't cover.

CLI for determining the cost of Kubernetes workloads.

A collection of resources for HashiCorp Vault.

Amazon announced the availability of AWS Resilience Hub, a new AWS service designed to help you define, track, and manage the resilience of your applications.

AWS CloudTrail announces CloudTrail error rate Insights, a new feature of CloudTrail Insights that enables customers to identify unusual activity in their AWS account based on API error codes and their rate.

A no-ops method to build a S3C using Cloud Run, Cloud Build and Binary Authorization in Google Cloud.

Developers can now view trace information for applications directly in Google Cloud Logging for faster debugging.

Microsoft announced the preview of inline DDoS protection which will be offered through partner network virtual appliances (NVAs) that are deployed with Azure Gateway Load Balancer and integrated with Azure DDoS Protection Standard.

With the new Azure Bastion IP based connection capability, you can now connect to any target resource reachable from your Bastion using its private IP address.