Post delving into Clarity AI's experience in successfully obtaining ISO27001 and SOC2 Type 2 certifications within 10 months, shedding light on their strategies and insights for fellow scale-up companies.

Microsoft has released an updated Cloud Storage Threat Matrix, providing security professionals with a comprehensive understanding of the threats and countermeasures related to cloud storage. The matrix covers various attack techniques and provides guidance on how to protect against them.

A shadow workflow is a technique for using SaaS automation apps to provide a code execution-like method for conducting malicious actions from a legitimate source using OAuth integrations.

Some Azure services have an additional, not widely known, protection mechanism against session token exfiltration.

The remote-exec provisioner in Terraform can pose significant security risks to your infrastructure without proper control and awareness, such as exfiltrating sensitive information.

Attackers can take advantage of a quirk of the default AWS configuration (without SourceIdentity configured) to potentially make detecting and attributing their actions more difficult.

Post exploring two different attack scenarios: Cookie Theft via CloudFront Function, and Data Exfiltration via Lambda Function Modification.

Learn about the process of preventing security issues by changing things outside of your environment by looking at how a misconfiguration was occurring when Github Actions were integrated with AWS IAM roles and the improvements made that have now made this misconfiguration much less likely.

A new vulnerability has been discovered that could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations. This technique could be used to perform a Repojacking attack.

With Kubernetes 1.28, Kubernetes Validating Admission Policies are now in beta stage. Does that mean it is the end of third party tools like Kyverno and OPA Gatekeeper?

Collection of tools for analyzing open source packages.

A python script that will help automatically enumerate and acquire relevant data from an AWS environment.

The article discusses different operating models for web application security governance in AWS. It provides examples of different models, including centralized, distributed, and hybrid approaches.

With this feature, you can limit access to the console only to a specified set of known accounts when the traffic originates from within your network.

Post explaining when it's appropriate to perform a DDoS simulation test on an application running on AWS, and what options you have for running the test.

Amazon updated the AWS Organizations service control policy (SCPs) evaluation page explaining how SCPs are evaluated with Allow and Deny statements.

IAM now provides action last accessed information for more than 140 services to help you refine the permissions of your IAM roles.

Post walking through the steps of securely turning up Google Cloud Media CDN.

What is a Golden Path? Who is a Golden Path for? When to build Golden Paths?

Infrastructure Manager uses Terraform to provision and manage Google Cloud resources using an integrated Infrastructure as Code (IaC) approach.

Understanding the relevance of what we're monitoring can help us support triage in advance.

Configure customer-managed keys for your existing Azure Cosmos DB account with Azure Key Vault.

Azure Front Door Standard and Premium support bring your own certificated based domain validation, streamlining the steps and efforts required to validate domain ownership.

Azure DevOps is starting to support Workload Identity Federation. This post is going to cover the end-to-end process of configuring and using Workload identity federation in Azure DevOps for your Terraform deployments.

How a new alert enrichment in Microsoft Defender for Cloud can help to detect and remediate identity-based supply chain attacks.

Protect the sensitive data getting stored in your Web Application Firewall (WAF) using log scrubbing on Azure's regional Web Application Firewall running on Application Gateway.

Wolt is hiring a Security Engineer to focus on cloud security and incident response.

Confluent is hiring a Senior Security Engineer to focus on cloud security. The role involves designing and implementing security controls, conducting security assessments, and collaborating with engineering teams to ensure the security of Confluent's cloud-native platform.

The role involves leading a team to develop and implement data loss prevention strategies and technologies, as well as managing incidents and conducting investigations.

Netflix is looking for an experienced Engineering Manager who will lead and grow a team of senior engineers for the Cloud Networking group in the Network Platform organization.