One of the more difficult challenges faced by platform developers: striking the right balance between freedom and security. How do you give product developers the tools to build apps while securing those projects at scale?

The first in a series by Palantir InfoSec on our journey enforcing FIDO2 authentication via hardware authenticators (YubiKeys) across all of Palantir.

Chris Farris highlights AWS's interesting and impactful security announcements in the lead-up to AWS re:Invent.

Hacking images in old Emails, by registering the buckets or domains they point to, allows to vandalize old emails.

A guide which covers what is Cloudflare Bot Management, how Cloudflare detects bots, and how to reverse engineer and bypass Cloudflare.

A cross-tenant vulnerability in AWS AppSync, which allowed an attacker to access data in victims' accounts.

Synacktiv recently analyzed the detection capabilities of Microsoft Defender for Identity, a cloud-based security solution which is the successor of Microsoft Advanced Threat Analytics and part of Microsoft Defender 365.

With Kubernetes v1.25, SIG Auth is introducing a new v2alpha1 version of the Key Management Service (KMS) API. KMS provides an interface for a provider to utilize a key stored in an external key service to perform encryption operations.

A distroless image containing only git and related utilities.

A Python library to utilize AWS API Gateway's large IP pool as a proxy to generate pseudo-infinite IPs for web scraping and brute forcing.

Finch is an open source client for container development. You can also refer to the companion blog post.

Run kubectl commands in all/some contexts in parallel (similar to GNU xargs/parallel).

The API traffic viewer for Kubernetes providing deep visibility into all API traffic and payloads going in, out and across containers and pods inside a Kubernetes cluster.

The GitHub Actions Importer helps you plan and automate the migration of Azure DevOps, CircleCI, GitLab, Jenkins, and Travis CI pipelines to GitHub Actions.

The top three most commonly used Security Hub usage patterns: dashboard for application owners, a single pane of glass for security professionals, and centralized routing to a SIEM solution.

With this launch, you can now use Secrets Manager to automate the rotation of credentials and access tokens that need to be refreshed more than once per day.

AWS introduced the use of payload-based message filtering for SNS, which provides event routing for JSON-formatted messages. This enables you to write filter policies based on the contents of the messages published to SNS.

AWS CloudFormation now supports accounts, OUs, and policies from AWS Organizations. Now you can easily manage your organization using IaC as stacks in CloudFormation.

An overview of some of the security risks the identity perimeter is designed to address, policy examples, and implementation guidance for establishing the perimeter.

A tutorial showing how to subscribe to Cloud Asset Inventory's real-time notifications for changes, and get an alert when a Google Compute Engine Instance with a Public IP is created.

Shareable links allows users to connect to target resources via Azure Bastion without access to the Azure portal.