AWS has finally updated the documentation around determining whether a request is allowed or denied within an account.

Learn how to secure AWS with usable IAM architecture, policies, and automation that scales security best practices efficiently to all developers.

An useful step-by-step example on how to configure your GitHub Actions build jobs to securely and seamlessly use IAM Roles in AWS.

If you are rolling out features that require GitHub API access to your customers, be mindful of how you are doing it. It is easy to unintentionally and unexpectedly expose a customer's GitHub data to unauthorized users.

How an attacker with access to your Kubernetes cluster could do a container escape (running a pod to gain root privileges, escaping the pod onto the host, and persisting the attack with invisible pods and fileless executions), and how to detect these attacks.

How to create a malicious admission controller, understanding its technicalities, and analyzing its impact.

A research which confirmed that Docker files usually contain a mind-blowing amount of hardcoded credentials. They included AWS and other cloud environment access keys, private keys, webhooks, and more. The most commonly found secret was the username and password to clone git repositories.

Another security issue discovered in Azure: due to a misconfiguration, Automation Account "Run as" credentials (PFX certificates) were being stored in cleartext in Azure Active Directory (AAD).

First in a blog series that covers the audit logs available in Azure, discusses the security insights that we can obtain from them, and also highlights existing blind spots that can save you a few headaches down the line.

With release 1.9, Vault can now act as an OIDC provider itself, allowing applications to leverage pre-existing Vault identities for delegating authentication and authorization into their applications.

This blog post is an introduction to Fulcio, a free Root-CA for code signing certs - issuing certificates based on an OIDC email address.

An authenticating Docker Registry proxy with transparent Kubernetes integration.

This script will update all the Alternate Contacts for all accounts in an AWS Organization.

A Cloud Forensics Powershell module to run threat hunting playbooks on data from Azure and O365.

A collection of resources for HashiCorp Terraform.

Post discussing temporary elevated access and how it can mitigate risks related to human access to your AWS environment.

The AWS Fall 2021 SOC reports are now available through Artifact in the AWS Management Console. The SOC 3 report can also be downloaded as PDF.

How stateful rules are evaluated using a recently added feature, the strict rule order method.

With support for nested OUs, you can now easily organize accounts in your Control Tower environment in a hierarchical, tree-like structure.

Google announced the launch of their Risk and Compliance as Code (RCaC) Solution. The RCaC solution stack enables compliance and security control automation through a combination of Google Cloud Products, Blueprints, Partner Integrations, workshops and services.

GCP added a Console view that shows you relevant CVEs and installed packages within your VMs.

Microsoft announced the preview of Gateway Load Balancer, a fully managed service enabling you to deploy, scale, and enhance the availability of third-party NVAs in Azure, that builds on that capability.