The Cloud Security Alliance released version 4 of the Cloud Controls Matrix (CCM). The upgrade from CCM v3.0.1 to v4 has been imperative considering the evolution of the cloud security landscape, both from the technical and legal and regulatory standpoint. There was also a need for organizations to make the implementation of security and privacy controls more efficient and streamline compliance.

An overview of why infosec teams stand to substantially benefit from rediscovering the importance of availability within their mandate, and why it's imperative they do so.

Leveraging SSM for post-exploitation: with access to an EC2 instance you can block EC2 Messages (like send-command) and SSM sessions, send arbitrary responses, or snoop on communications.

How to use an artisanally crafted Kubernetes Service Account as a Honeytoken.

How to use the AWS IAM Simulator to test an S3 bucket policy attached to a bucket in your AWS account.

Vulnerability in Azure Functions which would allow an attacker to escalate privileges and escape the Azure Functions Docker container to the Docker host. Microsoft has determined that the vulnerability has no security impact on Function users as the Docker host itself is protected by a Hyper-V boundary.

Step by step explanation on how to integrate Checkov Terraform quality checks into Azure DevOps pipelines.

A series focusing on best practices around the automation of infrastructure provisioning and application deployment. It covers the concepts of Infrastructure as Code, CI/CD, secrets management, dynamic secrets, the secret zero problem, service mesh, and more.

How Falco and AuditD compare from a Host Intrusion Detection perspective. Bear in mind this post has been written by Sysdig.

Crawls your GCP Org and returns service accounts that have not been used in the past 90 days.

Creates a local mirror of a Kubernetes cluster in a docker container to support offline reviewing.

Cloud Scout is a plugin which works on top of BloodHound, leveraging its visualization capabilities in order to visualize cross platform attack paths.

Go library and CLIs for working with container registries. It also lets you build your own layers and images programmatically.

Amazon released a whitepaper presenting a deep dive into the AWS Lambda service through a security lens. It provides a well-rounded picture of the service, which is useful for new adopters, and deepens understanding of Lambda for current users.

AWS IAM Access Analyzer now analyzes AWS Secrets Manager resource-based policies to help you discover secrets that can be accessed publicly or from other accounts or organizations.

Amazon GuardDuty has added Amazon Detective hyperlink pivots to make it even easier to jump from a GuardDuty security finding into a pre-populated Amazon Detective investigation experience.

This blog presents an architecture that provides a unified view of the DNS while allowing different AWS accounts to manage subdomains. It utilizes PHZs with overlapping namespaces and cross-account multi-region VPC association for PHZs to create an efficient, scalable, and highly available architecture for DNS.

AWS Certificate Manager (ACM) Private Certificate Authority (CA) now supports additional customization options for issuing CA and end entity certificates to meet additional use cases such as identity certificates, including smart card certificates. Customers can now include certificate attributes via API calls at the time of issuance in addition to inclusion in the certificate signing request (CSR).

AWS infrastructure and services are not affected by this issue. As a general security best practice, it is recommended that Amazon EC2 customers running Amazon Linux update their operating systems to install the latest version of sudo.

Google announced the GKE CIS 1.1.0 Benchmark InSpec profile, which allows you to assess Google Kubernetes Engine (GKE) clusters against security controls recommended by CIS.

Cloud Operations Sandbox is an open-source tool that helps you learn SRE practices from Google and apply them on cloud services using Google Cloud’s operations suite (formerly Stackdriver).

Google released a new white paper Designing and deploying a data security strategy with Google Cloud that shares a view of how to deploy a modern and effective data security program.

Post explaining the entire lifecycle of a container on Cloud Run, from starting to serving and shutting down.