TL;DR: Limit the use of third party Terraform modules and if you do use them, use the "Verified" ones.

Malicious actors could exploit CVE-2022-24348 affecting Argo CD to load a Kubernetes Helm Chart YAML file and "hop" from their application ecosystem to other applications' data outside of the user's scope.

The GKE Admin Activity logs are missing "get" operations on Secret objects by default. So for example, if you store a service account password in your cluster as a Kubernetes secret, a "kubectl get secret service_account_password -o yaml" will get an attacker the entire secret without logging a single line into the audit logs.

The challenge is to protect service-level (or local) authentication credentials from malicious or unintended use in a way that is manageable at scale.

The benefits and limitations of signing an open source package, using a private key to create a unique digital signature, are a surprisingly contentious topic.

How to compose policies based on dynamic attributes provided with the request when querying Open Policy Agent (OPA) for decisions.

AWS Canarytokens are a low-effort, high-fidelity method to detect attackers who have compromised your infrastructure.

How to use the Elastic serverless forwarder, that is published in the AWS Serverless Application Repository (SAR), to simplify log ingestion from S3.

Version 4.0 of the HashiCorp Terraform AWS provider brings usability improvements to data sources and attribute validations along with a refactored S3 bucket resource. The list of breaking changes for this release is quite long.

GRR Rapid Response: remote live forensics for incident response.

Tool to validate GitHub Action and Workflow YAML files.

Automatically gets credentials for Amazon ECR on docker push/docker pull.

kbrew is homebrew for Kubernetes.

How Amazon Kinesis and Amazon Lookout for Metrics can be used to detect major and minor anomalies near-real time, based on historical and current traffic trends.

AWS announced the general availability of AWS CloudFormation Hooks, a feature that allows customers to invoke custom logic to automate actions or inspect resource configurations prior to a create, update or delete CloudFormation stack operation.

How to use email addresses and domain names for user authentication (part 1, part 2).

You can replicate existing S3 objects and synchronize your buckets using the new Amazon S3 Batch Replication feature.

The new container-native Cloud DNS integrates Cloud DNS with Google Kubernetes Engine (GKE) to provide in-cluster Service and Pod DNS resolution.

Azure's foundation for confidential computing includes: hardware root-of-trust, remote attestation, trusted launch, memory isolation and encryption, and secure key management.