If you are involved with AWS security, then the Security Maturity Roadmap from @SummitRoute is a must read. Scott has now updated the Roadmap for 2020, reflecting changes in services and functionalities released by AWS.

Publicly exposing SNS Topics can introduce a whole range of issues. In this case, exposing the "subscriptionID" publicly will grant anyone (even without authentication) permissions to remove subscriptions from the topic. The countermeasure? Set the "AuthenticateOnUnsubscribe" flag.

How to leverage containers to exploit AWS ECS Task Definitions in Pacu.

Sometimes the image you scan, is not the same you deploy in your Kubernetes cluster. This article explains to use image scanning on admission controllers to scan your container images on-demand, right before your workloads are scheduled in the cluster.

This post launches a four-part series going over best practices for creating and operating secure AKS clusters and the containerized applications that run on them. Part 1 focuses on what you need to know when planning and creating your AKS clusters.

The enforcement and policy-based definition of cluster requirements of security contexts has previously been achieved using Pod Security Policies. However, numerous means of policy enforcement have arisen that augment or replace the use of PodSecurityPolicy. The intent of these Standards is to detail recommended Pod security profiles, decoupled from any specific instantiation.

Blog post introducing elastalert-ci, a CircleCI-compatible convenience image that you can use to test your Elastalert rules. The CI configuration spins up an Elasticsearch container and an Elastalert container, uploads provided test data to the Elasticsearch container, and then runs the rules that are provided to it.

Interesting thread on how a red team stole AWS credentials starting from physical access to a laptop via a retail store.

Write-up of an interesting RCE bug found on Google Cloud Deployment Manager.

Container image linter for Security, helping build the best-practice Docker image.

A GitHub action to help you scan your docker image for vulnerabilities, leveraging Trivy and Dockle.

Dagda is a tool to perform static analysis of known vulnerabilities, trojans, viruses, malware & other malicious threats in docker images/containers and to monitor the docker daemon and running docker containers for detecting anomalous activities.

Vulnerable-by-design training tool for Terraform. For more information, you can check the companion blog post.

A honeypot simulating a vulnerable Elasticsearch server opened to the Internet.

The Amazon EKS Best Practices Guide for Security helps configure every component of a cluster for high security. The guide covers a broad range of topics including pod security, network security, incident response, and compliance.

Amazon released the Getting Started with AWS Security, Identity, and Compliance course. This free, on-demand course will teach you about the security pillar of the Well-Architected Framework. It also covers key services used in identity and access management, detective controls, infrastructure protection, and data protection categories.

AWS IAM now has a new "sts:RoleSessionName" condition element for the Security Token Service (STS), that makes it easy for AWS account administrators to control the naming of individual IAM role sessions.

You can now use AWS Secrets Manager to manage secrets for applications that are subject to Federal Risk and Authorization Management Program (FedRAMP) Moderate and High baselines, in the Commercial and AWS GovCloud (US) Regions, respectively.

AWS released the spring 2020 SOC reports, covering period 10/1/2019 to 03/31/2020, with six new services in scope, for a total of 122 total services in scope. These SOC reports are now available through AWS Artifact in the AWS Management Console. The SOC 3 report can also be downloaded as a PDF.

Config Sync allows cluster operators to manage single clusters, multi-tenant clusters, and multi-cluster Kubernetes deployments using files, stored in a Git repository.

It is now possible to track and monitor your compliance with the Azure Security Benchmark across your Azure environment in Azure Security Center.