The PCI Council has published their best practice guidance for containers and container orchestration tools, super useful if you're using Kubernetes in PCI environments. On this topic, @raesene released a blog post which looks at some of the implications.

Firecracker is a microVM manager in Rust that powers AWS services like Lambda and Fargate. Here's how a red team team attacked a vulnerability in Firecracker.

How a security researcher abused Github Actions to get full root into the PyTorch CI runners.

How Lyft approaches managing user privacy in order to seamlessly handle compliance, data export, and deletion.

The Istio team announced Istio ambient mesh, a new dataplane mode for Istio without sidecars.

This page describes the ways in which the security controls built into the Kubernetes API server can be bypassed, so that cluster operators and security architects can ensure that these bypasses are appropriately restricted.

Post comparing CycloneDX, Syft (by Anchore), Microsoft.Sbom.Tool, Fossa, and Snyk (snyk2spdx).

Popping calc.exe on a Kubernetes Windows cluster node with hostprocess containers.

An intro guide to AWS Key Management Service (AWS KMS), its different key types, and access (IAM) best practices.

First of a series of posts where explaining how Falco generates its much needed driver and how to make it available to deployments.

HashiCorp announced the graduation of vault-k8s to version 1.0.

Matano is an open source security lake platform for AWS. It lets you ingest petabytes of security and log data from various sources, store and query them in an open Apache Iceberg data lake, and create Python detections as code for realtime alerting.

A stateless GitHub API proxy that allows creation and use of access-limited GitHub API tokens. Basically, it's identity and access management for GitHub API tokens.

An AWS tool to help you create a point in time assessment of your AWS account using Prowler and Scout as well as optional AWS developed ransomware checks.

plumber is a CLI devtool for inspecting, piping, massaging and redirecting data in message systems like Kafka, RabbitMQ , GCP PubSub and many more.

A summary of Audit Considerations from the AWS Cloud Audit Academy.

How to share encrypted S3 buckets across accounts on a multi-tenant data lake.

How to use IAM Identity Center APIs to automate managing users and groups in a scalable manner and gain better visibility into users and groups in the Identity Center directory.

How to migrate at scale with AWS Application Migration Service (AWS MGN), using a multi-account strategy.

Transition from a single-account environment to a multi-account environment, including best practices for migrating accounts, managing users, networking, and security.

Post exploring the networking components of GKE and the various options that exist.

Azure Storage now supports customer-managed keys using a key vault on a different Azure Active Directory tenant.