The third in a series by Palantir InfoSec on their journey enforcing FIDO2 authentication via hardware authenticators (YubiKeys) across all of Palantir.

Read the complete incident report from CircleCI's January 4, 2023.

Although all deployed microservices are vulnerable, there is much that can be done to ensure microservices are not exploited.

Different areas that could help leaking secrets from GitHub Actions workflows vulnerable to command injection: reading files and environment variables, intercepting network/process communication, and dumping memory.

Post examining the original motivation and some key features behind Uber's been multi-year journey to reimagine their infrastructure stack for a hybrid, multi-cloud world.

The Datadog Security Research Team identified a method to bypass CloudTrail logging for specific IAM API requests via undocumented APIs. This technique would allow an adversary to perform reconnaissance activities in the IAM service after gaining a foothold in an AWS account, without leaving any trace of their actions in CloudTrail.

A bug which had the impact of a single-click RCE in a victim user's Compute Engine instance.

How the Orca Security team uncovered an SSRF Vulnerability in the Azure Functions app, allowing any unauthenticated user to request any URL by abusing the server.

A vulnerability in Azure Active Directory (Azure AD) allowed a user to retain access to a targeted Security Assertion Markup Language (SAML) application.

A remote code execution vulnerability affecting Azure cloud services and other cloud sovereigns including Function Apps, App Service and Logic Apps.

This package provides an easy way to create a refreshable boto3 Session with AWS Roles Anywhere.

containerdbg is an all-in-one command-line tool to help debug Kubernetes containers with common issues that arouse when moving to containers as part of legacy application modernization.

A program which ensures source code files have copyright license headers by scanning directory patterns recursively.

Terraform modules for Google Cloud, made by Google Cloud.

Walk through the steps required to build a secure, private continuous integration/continuous development (CI/CD) pipeline with no public internet access while maintaining log retention in Amazon CloudWatch.

How to revoke access to specific users' sessions on AWS assumed roles through the use of AWS IAM policies and service control policies (SCPs) via AWS Organizations.

How to use a CAPTCHA with other AWS WAF controls as part of a layered approach to provide comprehensive protection against bot traffic.

Cloud Logging's Log Analytics, with advanced search, as well as aggregation and transformation of all log data types, is now generally available.

Key principles that can serve as your guide when navigating a cloud security transformation journey.