NCC released a project called Aerides, which demonstrates how to integrate LocalStack and dynamic tools for assessing IaC. Aerides includes mock infrastructure for a web service that is written using Terraform's HCL. It is hosted on GitHub and uses GitHub Actions to perform automatic tests for pull requests.

Article discussing the effort to build Mercari's next generation CI system and some of their engineering solutions towards this effort. It also explores supply chain security as an increasingly important area of focus for CI/CD engineers.

They're at it again. This time attackers are phishing for credentials by sending fake AWS log-in pages to unsuspecting users.

Why you should care about ransomware attacks even for irrelevant internet-connected systems, and how to use duplicity with AWS S3 to create ransomware-resistant backups.

How to verify signed images in Amazon Elastic Container Service, with cosign.

Some approaches on how to manage IAM policies at scale, how these approaches/practices will affect access management and how to include these practices in an existing or new setup.

The AWS WAF and Shield service can be used to protect web applications against a lot of different types of attacks. However, it has a limitation on the size of the packet that it can inspect that could result in attackers being able to bypass its protection features.

It is now (finally!) possible to specify a default expiry for service account keys.

Falco 0.31.0 got released, introducing a brand new plugin system, as well as drivers and libs improvements.

A small Terraform module which automates the setup of OIDC federation between AWS and Github Actions/Gitlab CI

kubectl plugin for Kubernetes OpenID Connect authentication (kubectl oidc-login).

Vulnerable Kustomize Kubernetes templates for training and education.

Tweets when new GCP IAM updates are found.

A page covering its installation, Rules, Exceptions, Alerts, and Sidekick.

Post reviewing the challenges, opportunities and best practices for the unique security considerations associated with a multi-tenant SaaS application, and describes specific identity considerations, as well as tenant isolation methods.

How to use updates to DNS for effective disaster recovery, and highlights principles and best practices you should adopt when following this approach.

How to use custom Suricata Rules with AWS Network Firewall to add protections that prevent users from downloading malware.

Two ways with which you can specify a custom rotation window to rotate your secret, and how you can set up a custom rotation window for existing secrets.

Cloud Certificate Manager lets GCP users acquire and manage TLS certificates for use with Cloud Load Balancing.

Assured Workloads for EU on Google Cloud is now generally available to help address customer requirements for data residency and data sovereignty.

Google Cloud SQL Auth proxy is a binary that provides IAM-based authorization and encryption when connecting to a Cloud SQL instance.

Microsoft announced Azure Payment HSM, a "BareMetal" service delivered using Thales payShield 10K payment HSMs to provide cryptographic key operations for real-time, critical payment transactions in the Azure cloud.

Azure Firewall Premium has hundreds of signatures that are designed to detect C&C connectivity and block it to prevent the attacker from encrypting customers' data.

Post describing some Azure network security services that help organizations to address Zero Trust.