Google announced the deps.dev API, which provides free access to the deps.dev dataset of security metadata, including dependencies, licenses, advisories, and other critical health and security signals for more than 50 million open source package versions.

This post covers how Go helps teams with the tricky problem of managing vulnerabilities in their open source packages.

Microsoft released a blog post discussing threats we face in their DevOps environment, introducing their new threat matrix for DevOps. Using this matrix, they show the different techniques an adversary might use to attack an organization from the initial access phase and forward.

Read about seven common myths surrounding cloud surfaces and the importance of securing cloud data from ransomware attacks.

Kubelet authorization can be a bit of a confusing topic in Kubernetes as it doesn't (usually) use RBAC. This post tries to explain how it works.

A reference architecture including several components, such as a virtual network, a bastion host, a load balancer, and a cluster of virtual machines running a web application.

Post explaining IAM Roles and Instance Profiles, how to create and manage them, and attach them to EC2 instances to grant permissions to access AWS services while adhering to security best practices.

The article discusses the rise of ransomware attacks in cloud environments and provides examples of recent attacks. It highlights the importance of securing cloud infrastructure and recommends best practices for preventing and responding to ransomware attacks in the cloud.

How the Orca Security team discovered a critical exploitation path, utilizing Microsoft Azure shared key authorization, and provide key mitigation steps.

An interesting privilege escalation scenario in Kubernetes (EKS) involving NodeRestriction.

The CNCF's Platforms working group (WG) announced the first release of a whitepaper to provide guidance and clarity on the nature and benefits of platforms for cloud-native computing.

This release consist of 60 enhancements. 18 of those enhancements are entering Alpha, 29 are graduating to Beta, and 13 are graduating to Stable. You can also checkout a summary of new security-related features.

A service that gives you better visibility on networking issues in your Kubernetes cluster by detecting the traffic denied by iptables and surfacing corresponding information to the affected Pods via Kubernetes events.

Create a centralized API for creating/deleting EC2 CloudWatch alarms on EC2 Instance Metrics in a multi-account AWS Organizations implementation.

A CDK template that provisions an end to end pipeline using CodePipeline, CodeCommit and CodeBuild.

Collection of Google Container and Artifact Registry workflows.

Spoofy is a program that checks if a list of domains can be spoofed based on SPF and DMARC records.

AWS Lambda announced support for response payload streaming. Response streaming is a new invocation pattern that lets functions progressively stream response payloads back to clients.

This update introduces changes across all six pillars of the framework. Services that were added or expanded in coverage include: Elastic Disaster Recovery Trusted Advisor, Resilience Hub, Config, Security Hub, GuardDuty, Organizations, Control Tower, Compute Optimizer, Budgets, CodeWhisperer, and CodeGuru.

How to use CloudTrail Lake capabilities to investigate CloudTrail activity across AWS Organizations in response to a security incident scenario.

A cost savings guide for Cloud Monitoring.

Assured Workloads allows governments and regulated industries to accelerate innovation and meet stringent compliance requirements at scale.

Post exploring the concept of container image signing, the benefits of signing container images, how Azure implemented signing in Windows containers, and how it can be verified.

Open source documentation of Microsoft Azure.