A comprehensive SBOM is a valuable part of any organization's security toolbox. By looking at SCA tools critically and understanding their theory of operation we can generate more complete and accurate SBOMs.

There's a myth that Sigstore makes revocation harder; in fact, the opposite is true! While it is true that the signatures on software are stored forever, software verification using Sigstore does support artifact revocation.

OpenSSF announced the initial prototype version of the Package Analysis project, a project addressing the challenge of identifying malicious packages in popular open source repositories.

Paper which outlines the paths a malicious actor might take to affect the availability of data by using the tools provided by Cloud Service Providers, as well as providing architectural patterns to make securing these systems easier and methods for detecting cloud-native ransomware.

This post walks through exploiting serverless environments and AWS Lambda functions via the CloudGoat vulnerable_lambda scenario.

Wiz Research has discovered a chain of critical vulnerabilities in the widely used Azure Database for PostgreSQL Flexible Server. Dubbed ExtraReplica, this vulnerability allows unauthorized read access to other customers' PostgreSQL databases, bypassing tenant isolation.

The Assetnote team discovered a pre-authentication vulnerability that allowed to make arbitrary HTTP requests, including requests with any HTTP method and request body. In order to exploit this SSRF, they had to reverse engineer the encryption algorithm used by VMWare Workspace One UEM.

The Kubernetes 1.24 release brings many changes, including Dockershim removal, signing of Kubernetes artifacts with Cosign, and other improvements.

Audit your GitHub data using custom policies written in Rego.

A codesigning tool for Python packages.

Easily check your clusters for use of deprecated APIs.

The Threat Hunting In Rapid Iterations (THIRI) Jupyter notebook is designed as a research aide to let you rapidly prototype threat hunting rules.

AWS IAM launched new condition keys to make it simpler to control access to your resources along your organizational boundaries. By using the new conditions, aws:ResourceOrgID, aws:ResourceOrgPaths, and aws:ResourceAccount, you can define access controls based on an AWS resource's organization, organizational unit (OU), or account. These conditions make it simpler to require that your principals (users and roles) can only access resources inside a specific boundary within your organization.

How you can configure the AWS STS SourceIdentity attribute in Okta, Ping, and OneLogin to help you track usage of your APIs.

How to extend your Git hooks to validate your AWS CloudFormation templates against policy-as-code rules by using AWS CloudFormation Guard.

The faster you can find logs, the faster you can resolve issues! Google announced a simpler way to find logs in Logs Explorer.

Ten tips providing some insight into helping you design a better cloud network architecture from the beginning.

Azure Container Apps now includes built-in authentication. Integrate one or more identity providers without writing any code.

Block domain fronting behaviour on Azure Front Door, Azure Front Door (classic), and Azure CDN Standard from Microsoft (classic) resources.