SummitRoute made 3.5 years of anonymized Cloudtrail logs from flaws.cloud available for security research, with guidance on how to analyze these with Athena. This is nearly 2M log events from nearly 10K "attackers".

Two vulnerabilities were discovered in Azure App Services. The first enabled an attacker with access to the server to take over the App Service's git repository and implant phishing pages accessible through the Azure Portal. The second vulnerability allowed an attacker with an existing low-severity vulnerability on the application (SSRF) to upgrade to full code execution on the App Service and trigger the first vulnerability.

Another issue found by Google's Project Zero, this time affecting aws-iam-authenticator, implemented on top of the sts:GetCallerIdentity AWS API.

HashiCorp released Waypoint, a new open source project that provides developers a consistent workflow to build, deploy, and release applications across any platform. To really understand what Waypoint is (and isn't), I highly recommend this blog from @copyconstruct.

HashiCorp released Boundary, a new open source project that enables to securely access dynamic hosts and services with fine-grained authorization without requiring direct network access. The Boundary AWS Reference Architecture repo contains Terraform configuration for deploying Boundary in HA mode in AWS.

HashiCorp announced the private beta for HashiCorp Vault running on the HashiCorp Cloud Platform (HCP), which is a fully managed cloud offering to automate the deployment of HashiCorp products.

HashiCorp released Consul Terraform Sync, which allows you to configure event-triggered Terraform runs for managing network infrastructure.

As stated by Cloudflare: "It provides secure, fast, reliable, cost-effective network services, integrated with leading identity management and endpoint security providers".

How to create a service, exposing it with an Ingress, and adding Single Sign On.

Now enterprise, organization, and repository administrators can define an allow list and fine-tune access to external Github Actions, making it easier to achieve security and compliance goals.

How to configure Falco to run at the edge with k3s on an ARM64 host, an AWS Graviton instance, or a Raspberry Pi 4.

Walk through of a k3s deployment leveraging Falco for increasing security and visibility.

How to use GCP's IAM Recommender to explore how to enforce least-privilege at scale.

Serverless, Zero-Trust SSH for Microsoft Azure.

A redaction tool for structured data (like logs). Run wernicke with JSON on stdin, get redacted values out. Preserves structure and (to some extent) semantics.

GitLab Watchman is an application that uses the GitLab API to audit GitLab for sensitive data and credentials exposed internally.

How to automatically archive Access Analyzer findings for expected events, such as authorized resource access. The benefit of automatically archiving expected findings is to help you reduce distraction from findings that don't require action, enabling you to concentrate on remediating any unexpected access to your shared resources.

How to use AWS Config to create compliance rules that will scan AWS KMS key policies to determine whether they follow your company's guidelines for least privilege.

Cloud Run now allows you to set up continuous deployment in just a few clicks: From the Cloud Run user interface, you can now easily connect to your Git repository and set up continuous deployment to automatically build and deploy your code to your Cloud Run and Cloud Run or Anthos services.

Cloud Run now supports setting a static IP address for outbound (egress) connections from serverless containers. You can now connect to external DBs/APIs with a particular IP address you can whitelist.

The Azure Sentinel Github repo contains out of the box detections, exploration queries, hunting queries, workbooks, playbooks and much more to help you get ramped up with Azure Sentinel and provide you security content to secure your environment and hunt for threats.