This week's articles
Record AWS API calls to improve IAM Policies
Have you ever looked at an IAM policy and wondered: Is it really necessary to grant access to this specific action? CloudTrail can help here, but there is something better: Record API calls with Client Side Monitoring.
#aws
#iam
#defend
Exploring Cloud Trust Relationships: AWS
First in a series exploring mapping trust in different cloud providers. This post looks at 11 different aws security scanning tools and talks about some pros and cons with each.
#aws
#explain
Preventing malicious use of Weave Scope
Intezer and Microsoft reported this week that TeamTNT hackers are using Weave Scope to aid their intrusions. As Weave Scope is an administration tool, it has powerful capabilities making it important for any installation to be secured. This blog covers both how Scope is used and how you can prevent it being misused by securing it in any Kubernetes installation.
#k8s
#defend
Falco Default Rule Bypass
Darkbit discovered a bypass for a Falco default rule, whereby cleverly named images running as privileged and/or mounting sensitive paths can avoid generating alerts. It is recommended to update your "falco_rules.yaml" to the latest version.
#k8s
#falco
#defend
Falco Update: What's new in Falco?
CNCF post describing the top five new features released in Falco 0.25 (like rules improvements, gRPC for alerts, and more).
#k8s
#falco
#explain
Using AWS IoT for mutual TLS in a web application
Is there a way to support a client certificate-based "device trust" feature natively in AWS? Turns out you can use X.509 client certificates to authenticate your Chrome browser to AWS using AWS IoT.
#aws
#develop
Purchased Microsoft 365 E5, Now What?
The Microsoft 365 E5 suite is essentially a large amount of products Microsoft offers for the Enterprise environment, more focused towards the security and compliance areas. The purchasing of E5 licensing means an organization now has unlocked a lot of Microsoft products and the common question seen afterwards is, "where do I start?".
#microsoft
#defend
CNCF End User Technology Radar - Continuous Delivery
The CNCF End User Community was asked to describe what their companies recommend for different solutions: Adopt, Trial, Assess or Hold. This table shows how the End User companies rated each technology.
#ci/cd
#develop
|