Can you break out of the CodeBuild container? Where will you end up?.

Blog presenting a new technique for escalating privileges within Azure environments through the abuse of dynamic groups in Azure Active Directory.

Deep-dive on how to enforce systematic Kubernetes network security policies with Open Policy Agent.

The challenges of monitoring Kubernetes, both the infrastructure platform and the running workloads, and an overview of Kubernetes monitoring tools.

HashiCorp introduced Sentinel Playground, which offers access to a zero-install development environment to learn and experiment with policy as code without having to install and maintain runtime environments on your own machines.

Interesting post exploring the relationship between Google Cloud IAM and Kubernetes RBAC.

HashiCorp Vault is now validated on Google Cloud Platform's Confidential Computing service. Confidential Computing allows HashiCorp Vault to operate in environments with resilient host based security that adds additional protection through the use of memory encryption.

Detailed list of what's new in Kubernetes 1.19. Of the 34 enhancements in this version, 10 are completely new, 8 are graduating to Stable, 2 are management changes on the Kubernetes project, and the other 14 are existing features that kept improving.

Post covering what headless services are, how do they work, and how do they integrate with DNS resolution.

Yet another post on mastering the art of creating seccomp profiles for your workloads, this time around covering the new Seccomp GA syntax and some other advanced topics.

Post exploring the newest addition to the kubectl plugin of cert-manager, "kubectl cert-manager status certificate", a command designed to make the troubleshooting experience of cert-manager problems easier.

Blog post aiming to raise security awareness and summarize useful attack and audit techniques for an internal black and whitebox infrastructure assessment of a Puppet Enterprise landscape.

Vulnerable by Design AWS CDK repository.

Vulnerable by Design Cloudformation repository.

Vulnerable by Design Terraform repository.

A vulnerability scanner for container images and filesystems.

Capsule is a Kubernetes multi-tenant Operator. It aggregates multiple namespaces assigned to an organization or group of users in a lightweight abstraction called Tenant. Within each tenant, users are free to create their namespaces and share all the assigned resources between the namespaces of the tenant.

AWS released the Best Practices for Security, Identity, & Compliance webpage of the new AWS Architecture Center, containing recommendations for security design principles, workshops, and educational materials.

EKS customers can now leverage EC2 security groups to secure applications with varying network security requirements on shared cluster compute resources. Network security rules that span pod to pod and pod to external AWS service traffic can be defined in a single place with EC2 security groups, and applied to individual pods and applications with Kubernetes native APIs.

In addition to the previously supported OIDC/OAuth2 authorization option, it is now possible to secure Amazon API Gateway HTTP APIs using two new authorization options: Lambda authorizers and IAM authorizers.

How to configure an LDAPS (LDAP over SSL or TLS) encrypted endpoint for Simple AD so that you can extend Simple AD over untrusted networks.

Google expanded the Google Cloud Confidential Computing portfolio with the announcement of Confidential GKE Nodes and of Confidential VMs.

Google announced the beta of API Gateway, a fully-managed Google Cloud offering that lets you create, secure, and monitor APIs for your serverless workloads.

This blog post describes an example of how to build a Data Platform using Cloud Functions, Dataflow, Google Cloud Storage and Bigquery with VPC Service Controls.

If you are using Azure DDoS Standard Protection, you can now ingest this via a custom connector into your Azure Sentinel workspace.

Blog explaining how to ingest and analyse vulnerability data in Azure Sentinel. In the article, Tenable is used as an example, but the same approach can be used with any other Threat & Vulnerability Management (TVM) platform.

Handy flowchart to select a candidate data store for any kind of workload.

Interesting flowchart to help you to choose a compute service for your application.