Uber is sharing details about their general purpose multi-cloud security monitoring platform to help other teams working through their approach.

How to create forensic disk snapshots in AWS and GCP, making cloud DFIR a tad less painful.

Chris Farris put some thoughts together for conducting an AWS assessment when you're looking at a brand new organization (think, for example, at M&As).

This diagram provides an overview of various AWS security tooling services, and where those services fit into a Security & Compliance lifecycle.

Blog post from Praetorian presenting the results from 90 Cloud Security vendors, showing that 37% had not implemented the "ExternalId" correctly to protect against confused-deputy attacks. This means their products could be abused to get access to their customers' environments.

An ongoing campaign to steal AWS accounts through a phishing email which impersonates AWS and encourages the victim to click through to view a (fake) open support case.

If you've ever wondered how to get into a Google datacenter, here's a video that shows what's involved. I have to admit I enjoyed watching it.

How to detect when an Azure AD Global Admin elevates their access to the Azure root management group.

As of Kubernetes v1.19.0, kubectl will contain a new "--privileged" flag. Just to be clear, this flag only enables what you were already able to do using yaml, and it only does this for kubectl run which is for running one-off pods, not intended for deploying production workloads.

To allow for Kubernetes workloads to securely access HDFS, Linkedin released Kube2Hadoop, a scalable and secure integration with HDFS Kerberos. This enables AI modelers at LinkedIn to use HDFS data in Kubernetes pods with access control through a user or a headless account.

Intentionally vulnerable cluster environment to learn and practice Kubernetes security. You can also play directly in browser for free using Katacoda Playground.

Kubernetes Admission Controller for Image Scanning using OPA, to validate the images you scan are actually the images you deploy in your K8S cluster.

kubectl-images is a kubectl plugin that shows the container images used in a cluster.

gimme-aws-creds is a CLI that utilizes an Okta IdP via SAML to acquire temporary AWS credentials via AWS STS.

A command-line tool to get valuable information out of AWS CloudTrail.

Some IR runbook samples from AWS, covering topics like DoS and credential leakage.

This guide presents an overview of the fundamentals of responding to security incidents within a customer's AWS Cloud environment. It focuses on an overview of cloud security and incident response concepts, and identifies cloud capabilities, services, and mechanisms that are available to customers who are responding to security issues.

Detailed post on how AWS practice continuous delivery, detailing all the steps their internal CI/CD pipelines take to safely deploy to production.

It is now possible to identify which Private Hosted Zones are associated with each VPC by calling the new ListHostedZonesByVPC API action.

AWS Lambda functions can now mount an Amazon Elastic File System (EFS), a scalable and elastic NFS file system storing data within and across multiple availability zones (AZ) for high availability and durability.

EC2 Image Builder is now integrated with AWS PrivateLink which enables customers to privately access EC2 Image Builder from Amazon Virtual Private Clouds (VPC) without using public IPs, and without requiring the traffic to traverse across the Internet.

Packet Mirroring offers full packet capture capability, allowing you to identify network anomalies within and across VPCs, internal traffic from VMs to VMs, traffic between end locations on the internet and VMs, and also traffic between VMs to Google services in production.

Microsoft released a new infographic, along with a 37-page e-book showing compliance details in over 30 key geographies.