Post looking at some common phishing tactics in AWS: Credential Phishing, Device Authentication Phishing, CloudFormation Stack Phishing, and ACM Email Validation Phishing.

What do attackers do with exposed AWS access keys? This blog looks inside AWS SES to give deeper insights into the service, why & how its targeted and how to detect it.

Learn how to detect malicious persistence techniques in AWS, GCP, and Azure after potential initial compromise, like with the CircleCI incident.

Learn about short-term access keys (unofficially also known as temporary tokens or temporary credentials) in AWS, and how they can be compromised.

Cedar is a new language created by AWS to define access permissions using policies, similar to the way IAM policies work today. This post explains both why this language was created and how to author policies with it.

You can grant developers permission to invoke iam:CreateRole without worrying that an errant role trust policy has opened up access to the entirety of Github.com.

Post walking through the initial steps of an investigation following an incident in AWS.

A speculative look into the perils and opportunities that 2023 holds for cloud native security.

How to use HashiCorp Boundary to provide identity-based remote access and credential management for Kubernetes clusters.

Python library to carry out DFIR analysis on the Cloud.

A utility to dump all Protobuf file descriptors from a given binary as *.proto files.

A simple framework to explain how to centralize logs and detect a bare minimum of potential threats in Microsoft Azure.

Example code for bootstrapping trust between Terraform Cloud and cloud providers in order to use TFC's Workload Identity.

Introspecting and debugging Kubernetes applications using eBPF "gadgets".

Now, S3 automatically applies server-side encryption (SSE-S3) for each new object, unless you specify a different encryption option.

With this feature, RDS fully manages the master user password and stores it in AWS Secrets Manager whenever your RDS database instances are created, modified, or restored.

Amazon updated the AWS Security Incident Response Guide to more clearly explain what you should do before, during, and after a security event.

AWS announces the retirement of IAM actions for AWS Billing, Cost Management, and Account consoles under aws-portal service prefix, purchase-orders:ViewPurchaseOrders, and purchase-orders:ModifyPurchaseOrders and is replacing them with fine-grained service specific actions.

VPC Service Controls can play a vital role in creating additional security while making it easier to manage data in a way that most cloud services can't do today.

Google released their fifth Threat Horizons Report.

How to use Infrastructure as Code to build Hierarchical Firewall Policies for consistently implementing guardrails in Google Cloud environments.