This week's articles
Conducting a Cloud Assessment in AWS
Chris Farris put some thoughts together on conducting an AWS assessment when you're looking at a brand new organization (think, for example, of M&As).
AWS Security Tooling Diagram
This diagram provides an overview of various AWS security tooling services, and where those services fit into a Security & Compliance lifecycle.
AWS IAM Assume Role Vulnerabilities Found in Many Top Vendors
Blog post from Praetorian presenting the results from 90 Cloud Security vendors, showing that 37% had not implemented the "ExternalId" correctly to protect against confused-deputy attacks. This means their products could be abused to get access to their customers' environments.
An ongoing AWS phishing campaign
An ongoing campaign to steal AWS accounts through a phishing email which impersonates AWS and encourages the victim to click through to view a (fake) open support case.
Added --privileged flag to kubectl run
As of Kubernetes v1.19.0, kubectl will contain a new "--privileged" flag. Just to be clear, this flag only enables what you were already able to do using YAML, and it only does this for kubectl run, which is for running one-off pods and is not intended for deploying production workloads.