A post summarising the outcome produced by three main initiatives which took upon the challenge of threat modelling a Kubernetes cluster, so that anyone can use them as a starting point for their own (custom) threat modelling exercise. (Disclaimer: I did write this post)

Post presenting a working example of how to control egress traffic from specific source workloads to specific external services using Istio.

How to tackle the usual problem of testing in dev environments which do not have any (real) traffic? The Trivago team leveraged the traffic mirroring feature of Istio to replicate traffic from production to development environments. Watch out for customer data!

Vault 1.4 Enterprise introduced a new secrets engine called Transform. Transform is a secrets engine that allows Vault to encode and decode sensitive values residing in external systems such as databases or file systems. The Transform engine allows to ensure that when a system is compromised, and its data is leaked, that the encoded secrets remain uncompromised even when held by an adversary.

Elastic open sourced detection-rules, a set of rules written for Elastic Security, with coverage for many MITRE ATT&CK techniques. It also includes a few for CloudTrail.

An opinionated article describing how large cloud providers don't seem to be providing best guidance on secure CI/CD workflows.

Interesting presentation describing how to setup a response environment and how to perform forensics in the cloud.

How to identify and augment incidents using behavioral evidence of lateral movement, detected through statistical modeling.

Post describing a new attack vector: Azure Applications. Attackers can create, disguise, and deploy malicious Azure apps to use in their phishing campaigns. Once the attacker convinces the victim to click-to-install malicious Azure apps, they can map the user's organization, gain access to the victim's files, read their emails, send emails on their behalf (great for internal spear phishing), and a whole lot more.

Konstraint is a CLI tool to assist with the creation and management of constraints when using Gatekeeper.

Workshop covering techniques to secure a serverless application built with AWS Lambda, Amazon API Gateway and RDS Aurora. In particular, it focuses on 5 domains: identity & access management, infrastructure, data, code, logging & monitoring.

How to combine the asymmetric signing feature of the AWS Key Management Service (AWS KMS) and code-signing certificates from the AWS Certificate Manager (ACM) Private Certificate Authority (PCA) service to digitally sign any binary data blob and then verify its identity and integrity.

How to build a continuous integration and continuous delivery (CI/CD) pipeline using AWS Developer Tools, as well as Trivy. You’ll build two Docker images, one with vulnerabilities and one without, to learn the capabilities of Trivy and how to send all vulnerability information to AWS Security Hub.

Google Cloud is the first major cloud provider to receive an accredited ISO/IEC 27701 certification as a data processor. ISO/IEC 27701 (an extension of ISO/IEC 27001) provides guidance for implementing, maintaining, and continuously improving a Privacy Information Management System (PIMS).

Logging sinks can be used to build an event-driven system to detect and respond to log events in real time.

Walkthrough on how to setup monitoring and alerting on object creation in Google Cloud Storage, using data access logs and logs-based metrics.

Azure Container Registry recently announced the general availability of features like Azure Private Link, customer-managed keys, dedicated data-endpoints, and Azure Policy definitions. These features provide tools to secure Azure Container Registry as part of the container end-to-end workflow.

Microsoft released the Azure Service Operator, an open source project that allows users to expose several Azure services as Kubernetes operators.