#announcement, #aws

There were 234 AWS announcements in pre:Invent season. Chris Farris analysed 27 of them related to security and governance.

#aws, #azure, #gcp, #iam

Continuing with efforts on the permissions.cloud project, Ian Mckay has now have both Azure and GCP spaces available: azure.permissions.cloud and gcp.permissions.cloud.

#attack, #gsuite

It was possible to make yourself admin of any GSuite Organization by modifying a request to just specify a different domain (and org id).

#attack, #aws, #defend

Temporary AWS API access key IDs, issued by AWS, are not unique and could repeat, which can impair AWS security tools detection capabilities.

#containers, #explain, #kubernetes

What is a Container? Container vs. VM? Docker vs. Kubernetes? How to organize the learning efficiently?

#kubernetes, #opa

How you can use some new features in Gatekeeper to enable container signature verification.

#kubernetes, #opa

The gator CLI is a new tool that ships with Gatekeeper version 3.7 and provides policy authors a way to test policy prior to being deployed to Kubernetes.

#build, #ci/cd, #opa

How to validate manifest files using Open Policy Agent and automate this using GitHub Actions.

#ci/cd, #iam

GitHub Actions now supports OpenID Connect for secure deployment to different cloud providers via short-lived, auto-rotated tokens.

#explain, #kubernetes

Step by step walkthrough explaining how to create from scratch a Kubernetes validating webhook using Python and the Flask framework.

A pseudo shell re-invoking a Lambda for each command.

A web-based simulator for the Kubernetes scheduler.

Build distroless images with alpine tools.

Ingesting Shodan Monitor Alerts to Azure Sentinel.

AWS IAM now includes the policy type that's responsible for the denied permissions in access denied error messages.

Walkthrough detailing the steps needed to integrate Azure AD as a federated identity provider in Amazon Cognito user pool.

Amazon DynamoDB now helps you meet regulatory compliance and business continuity requirements through enhanced backup features, including copying on-demand backups cross-account and cross-Region, cost allocation tagging for backups, and transitioning backups to cold storage.

Amazon announced the public preview of Amazon Linux 2022 (AL2022), Amazon's new general purpose Linux for AWS that is designed to provide a secure, stable, and high-performance execution environment to develop and run your cloud applications.

The first threat report from the Google Cybersecurity Action Team finds cloud users are often targeted by illicit coin mining, ransomware, and APTs.

Security Command Center mute findings capability helps you gain operational efficiencies by effectively managing the findings volume based on your organization's policies and requirements.

How to leverage the Data Loss Prevention API to solve the problem of storing sensitive data within application logs.

This article lists 5 options to integrate GKE and GSM. For each option it lists the pros and cons, and a link to a code sample.

Over the past few months, Microsoft added several new capabilities to Azure Virtual WAN to simplify routing design and management.

The Azure AD backup authentication service transparently and automatically handles authentications for supported workloads when the primary Azure AD service is unavailable. It adds an additional layer of resilience on top of the multiple levels of redundancy in Azure AD.