Some thoughts on building a successful Cloud Security Program.

Post highlighting some common threats and exploits in Google Cloud, with the aim to share information to create detections that will catch the early signs of attacker activity.

The purpose of the Azure Threat Research Matrix (ATRM) is to conceptualize the known tactics, techniques, and procedures (TTP) that adversaries may use against the Azure platform.

Some macro-areas to consider when securing step functions: IAM roles and policies, data security, logging and monitoring, and abuse.

What does "public" actually mean? And how does S3 Block Public Access work? This post answers these questions hoping to shed some light on how S3 Block Public Access can help protect S3 buckets from public access.

This project aims to compare and evaluate the telemetry of various EDR products.

The article discusses the benefits of using Nix, a functional package manager, with Dockerfiles to create reproducible and efficient container images. Nix allows for easy management of dependencies and versioning, while Dockerfiles provide a portable and scalable way to distribute the images.

A comprehensive threat modeling analysis of a typical production setup of Argo CD and accompanying security considerations.

The vulnerability could allow threat actors to change a malicious application to be invisible and unremovable, effectively leaving the victim's Google account infected with a trojan app forever.

A particular case where possession of an AWS access key/secret key alone was equivalent to possession of those keys and a previously configured MFA.

A write-up about a vulnerability which could have exposed the access token of GitHub Staff.

No-code provisioning is now GA for Terraform Cloud Business, providing validated self-service infrastructure, additional security through more granular permissions, and ease of use with variable options as dropdowns.

You can get a free Microsoft 365 subscription with 25 user licenses to learn and create automations.

A python module to aid in Service Control Policy management in AWS accounts.

Example AWS Service control policies to get started or mature your usage of AWS SCPs.

Dexter can be placed into your CI processes to scrape through the repository and find files that contain image references, with the aim of pinning them to the immutable digest.

Security recommendations and scripts for Microsoft Defender for Cloud.

Azure AD Role Monitor is a small project that scans Azure AD built in roles, and automatically identifies sensitive or dangeorus roles based on the actions that the role is able to perform on an Azure AD tenant.

Best practices for organizational units when using AWS Organizations

Customers with multiple organizational units (OU's), and accounts can now create up to 10 AWS Firewall Manager administrator accounts from AWS Organizations service to manage their firewall policies.

You can now define fine-grained permissions that specify who can do what under specific conditions with your shared resources.

They are: new container runtime protection for EKS, extended coverage for data stored in Amazon Aurora, and support for serverless applications in AWS Lambda.

This blog post helps customers in mitigating DDoS using AWS Shield Advanced, AWS WAF, and data science. We explore how to use these services along with machine learning (ML) to detect and mitigate DDoS attacks.

At the RSA Conference, Google announced Cloud Security AI Workbench, an industry-first extensible platform powered by the specialized LLM Sec-PaLM.

Google Cloud will integrate their Security AI Workbench with Security Command Center Premium. Here's how that can help you secure your organization.

Chronicle customers will be able to search security events and interact conversationally with the results, all without learning a new syntax or schema.

Google Cloud and Mandiant plan to use LLMs to transform threat intelligence and how it is operationalized. Here's why.

Google Cloud is making it easier to help detect API abuse with the introduction of Advanced API Security Machine Learning powered abuse-detection dashboards. Here's what's new.

API Management Authorizations are now generally available, providing a simple and reliable way to unbundle and abstract authorizations from web APIs.

When creating an alert rule using the Azure portal, configuring the condition of the alert rule is now made simpler with popular signals and settings.

You can now restrict inbound traffic by IP without using a custom solution.