Really interesting table top exercises designed to start a conversation. Although they are focused towards AWS and not all of them will be applicable to every environment, I highly recommend to try them with your monitoring team.

Blog detailing the systems Lyft built to address OS and OS-package level vulnerabilities in a timely manner across hundreds of services run on Kubernetes.

A well-written article on software supply chain security, covering: SLSA, different strategies for attacking Source Code Management (SCM), and attack trees.

An overview of RDS access management capabilities along with examples using Terraform.

A deep dive on KMS Key Access via KMS Key Grants and best practices with KMS Key Grants. Access via KMS Key Grants can be a forgotten means of allowing unauthorized applications, users, and other undesired access to use and manage KMS Keys.

As organizations increase their coverage of multifactor authentication (MFA), threat actors have begun to move to more sophisticated techniques to allow them to compromise corporate resources without needing to satisfy MFA. Recently, the Microsoft Detection and Response Team (DART) has seen an increase in attackers utilizing token theft for this purpose.

Ever wondered how storing secrets in the cloud can go wrong? This talk by @_sigil at BSides Toronto 2022 looks at common ways passwords should be stored.

How Azure Bastion Native Client support works, and how an adversary could abuse this feature to perform attacks against Azure VMs over private IP addresses, without having direct network connectivity to the VM.

If you're following the latest news on Kubernetes, you probably would have heard about Ephemeral Containers. Not sure? This blog post sheds some light on this new feature soon to be stable in Kubernetes v1.25.

They appear to issue AWS keys to developers that are not rotated for several years and store these keys in git. They also don't have a clear place to report security issues like this.

Automated Cleanup of Unused Google Cloud Projects. You can also refer to the companion blog post.

Get a full remote Linux server with a problem and fix it.

Tool and policy library for reviewing Google Kubernetes Engine clusters against best practices.

Tools for managing DNS across multiple providers.

GuardDog is a CLI tool to Identify malicious PyPI packages.

Pivit is a command line tool for managing x509 certificates stored on smart cards with PIV applet support (Yubikey), and using those certificates to sign and verify data.

Now, you can add multiple MFA devices to AWS account root users and AWS Identity and IAM users in your AWS accounts.

How to enrich flow logs with tags associated with resources from VPC flow logs in a completely serverless model using Kinesis Data Firehose and the recently launched Amazon VPC IP Address Manager (IPAM), and also analyze and visualize the flow logs using Amazon Athena and Amazon QuickSight.

Amazon S3 server access logs and AWS CloudTrail logs will soon contain information to identify S3 requests that rely upon an access control list (ACL) for authorization to succeed.

With IAM Deny policies, you can create rules that broadly restrict resource access. It provides a powerful, coarse-grained access control to help implement security policies at scale.

With Cloud Armor's latest update, customers can customize WAF rules with tuning options that help reduce the number of false positive alerts that may be generated for particularly sensitive applications.

A 5 part series discussing the different security controls for Bigquery at Rest.

Microsoft shared several key Azure Firewall capabilities as well as updates on recent important releases into general availability (GA) and preview.