Similar to what they did for AWS in the past, this blog post from the RhinoSecurity team aims to provide a source for privilege escalation techniques, this time for Google Cloud Platform (there is also a part 2 which covers non-IAM related methods). If you are not interested in the details of each privilege escalation, consider jumping on the new privilege escalation scanner for GCP.

Code scanning is now available as a GitHub-native experience. With code scanning enabled, every 'git push' is scanned for new potential security vulnerabilities, and results are displayed directly in your pull request. In addition, secret scanning is also now available for private repositories.

A blog post explaining how the Expel team uses a SIEM (in this example, Sumo Logic) to generate security leads from AWS signals. The post also shares some detection use cases (with examples) to try out in your own environment, regardless of what SIEM you use.

How to use Conftest and Open Policy Agent for validating Kubernetes API versions, leveraging the CI pipeline to notify on the usage of deprecated APIs.

If you have deployed OPA Gatekeeper, monitoring this admission controller is as relevant as monitoring the rest of the Kubernetes control plane components. If something breaks here, Kubernetes won't deploy new pods in your cluster; and if it's slow, your cluster scale performance will degrade.

Organizations usually end up piping all cloud API logs to a SIEM (Elasticsearch, Splunk, etc.) and creating alerts based on user and service activity, but what about personal accounts? This article shares a monitoring setup "on a budget" to use in private AWS account. In addition, the companion GitHub repo provides a Terraform module that creates a multi-regional Trail, connects it with a CloudWatch Log Group, and creates a number of metric filters and metric alerts to receive SNS notifications for high noise actions.

aws-vault's EC2 metadata service proxy is vulnerable to DNS rebinding attacks. Web pages you visit might be able to steal your AWS credentials if you have the server running on localhost.

An AWS IAM security assessment tool which scans accounts for violations of Least Privilege and identifies policies that can lead to Privilege Escalation, Data Exfiltration, Resource Exposure, and Infrastructure Modification. It also generates a nice HTML report that can help with triaging and remediation, as well as identifying high-value IAM principals to target during a penetration test.

The Attack Range is a detection development platform which allows you to create vulnerable instrumented local or cloud environments to simulate attacks against and collect the data into Splunk.

To help you identify buckets that can be accessed publicly or from other AWS accounts or organizations, IAM Access Analyzer now analyzes access point policies in addition to bucket policies and bucket ACLs. This helps you find unintended access to S3 buckets that use access points.

To improve the default security for all AWS customers, AWS is adding a default password policy for IAM users in AWS accounts. This update will be made globally to the IAM service on August 3rd, 2020.

You can use Amazon CloudWatch to monitor Prometheus metrics from Amazon Elastic Kubernetes Service (EKS) and Kubernetes clusters. With this new feature, DevOps teams can automatically discover services for containerized workloads such as AWS App Mesh, NGINX, and Java/JMX.

Google launched the preview of Windows Server container support in Google Kubernetes Engine (GKE) earlier this year, which is now generally available for production use.

How to use some of Google's DNS constructs to connect multiple zones to your on-premises DNS infrastructure, using a combination of zones, peering, and forwarding.

At Ignite 2019, Microsoft announced the preview of more than 15 new features for Azure Security Center. This blog provides an update for the features that are now generally available to all customers.