The Cloud Security Alliance released a new framework which aims to be the go-to guide for cloud customers to effectively prepare for and manage cloud incidents.

Google's introduction to Cosign, a tool which simplifies signing and verifying container images, aiming to make signatures invisible infrastructure - basically, it takes over the hard part of signing and verifying software for you.

How Praetorian helped design security controls and observability features for Google Cloud IAM in a client's GCP environment. They also generated two technical artifacts for implementing these solutions: ephemeral-iam, which implements a token-based privilege escalation tool, and a technical guide to using Trusted Platform Modules (TPMs) for service account credential storage.

Someone's AWS credentials were leaked. Follow this fictional story while the attacker persists their permissions, escalates, and uses the cloud for crypto mining.

BridgeCrew scanned thousands of Helm charts available on Artifact Hub and shared their findings and trends.

How to implement CIS alerts and automated remediation with EventBridge.

Palantir's InfoSec team shares their experience using Cilium to harden their Kubernetes Infrastructure.

How to use AWS Systems Manager to create an automated schedule of patches for your EC2 instances.

Third post in a "Be sure to integrate..." series, which looks at 3 baseline services that should be enabled and integrated into your AWS Organization. The first post looked at AWS Security Hub, the second at GuardDuty, and this third post covers IAM Access Analyzer.

The password reset function of AWS Cognito allows attackers to change the account password if a six-digit number (reset code) sent out by E-mail is correctly entered. By using concurrent HTTP request techniques, it was shown that an attacker can do more guesses on this number than mentioned in the AWS documentation (1587 instead of 20). If the attack succeeds and the attacked accounts do not have multi-factor authentication enabled, a full take-over of the attacked AWS Cognito user accounts would have been possible. The issue was fixed by AWS on 2021-04-20.

A deep dive into the key metrics and logs for monitoring the health and performance of HashiCorp Vault.

How to use CSI to expose secrets on a volume within a Kubernetes pod and retrieve them using the beta Vault Provider for the Kubernetes Secrets Store CSI Driver.

In the world of infrastructure-as-code security there are several tools for users to choose from. The goal of this repository is to help compare the different options so that users can choose the tool that best fits their own needs.

Pypi module to enable workload identity federation from AWS to GCP without the need for static credentials.

Find AWS resources that are not logging, and turn them on.

A tool for exploring and exploiting Firebase datastores. See also the companion blog post.

JAF is an Accenture, internally developed, red team-oriented tool for interacting with Jenkins build servers. You can also read the companion blog post.

AWS announced the availability of CloudFront Functions, a new serverless scripting platform that allows you to run lightweight JavaScript code at the 218+ CloudFront edge locations at approximately 1/6th the price of Lambda@Edge.

How to use "aws:PrincipalIsAWSService", a new global AWS IAM condition key, to write policies that restrict access to your data from untrusted identities and unexpected network locations while safely granting access to AWS services.

A blog series featuring top recommendations for using IAM from AWS Heroes and APN Ambassadors, who will share recommendations which are driven from personal experiences using a service that's foundational for the security of AWS customers.

How the IAM visual editor helps you create policies by providing helpful documentation and the correct syntax. You'll also learn why you should use federation due to the short-term credentials made possible by IAM roles.

AWS Audit Manager now offers three new prebuilt standard frameworks: NIST Cybersecurity Framework version 1.1, AWS Foundational Security Best Practices, and AWS Well-Architected framework.

Workload Identity however has a single Identity pool per project, which means two identical KSA's across two identical namespaces across two GKE clusters, will inherit the same IAM policy binding and therefore the same permissions. This is called the "Identity sameness".

The complete list of Customer Reliability Engineering (CRE) life lessons published in the past five years in one convenient location.

The Azure Sentinel: Zero Trust (TIC3.0) Workbook provides an automated visualization of Zero Trust principles cross walked to the Trusted Internet Connections framework. This workbook leverages the full breadth of Microsoft security offerings across Azure, Office 365, Teams, Intune, Windows Virtual Desktop, and many more.