This week's articles
State of Cloud Threat Detection and Response Report
A report which summarizes the survey responses of 400 security leaders and SecOps practitioners in North America regarding the capabilities, practices, and behaviors of protecting against, identifying, and remediating cloud-based threats.
Hacking Your Cloud: Tokens Edition 2.0
Techniques attackers might use to exploit cloud tokens and gain access to resources. Strong token management, limiting privileges, and token revocation policies help mitigate risks.
Kubernetes 1.24 Security Audit
NCC Group performed a security evaluation of the Kubernetes 1.24.0 release. Key findings included concerns with the administrative experience, flaws in communication between the API Server and the Kubelet that may result in an elevation of privilege, and flaws in input sanitization that provide a limited authorization bypass.
SLSA v1.0 is now final!
Almost two years after SLSA's initial preview release, the first official stable version, SLSA v1.0, has been released.