How the OVO team developed Domain Protect, an open source tool for automated scanning of cloud infrastructure for subdomains vulnerable to takeover.

This is such a nice article, sharing a getting started guide for AWS, in a similar style to the getting started guides that many experienced MMORPG players write for new players.

How to build an automated HashiCorp Vault onboarding system with Terraform using sensible naming standards, ACL policy templates, pre-created application entities, and workflows driven by VCS and CI/CD.

Talk explaining how the Form3 team created a repeatable process to automate the setup of Vault using Terraform.

How to use Kubernetes Audit Logs as an event source that Falco can consume. You can also refer to the companion repo.

Post looking at different approaches to help keep IAM configuration tidy, auditable and right-sized.

Walk through some of the salient features of a meaningful security reference architecture and the process required to develop one.

Guide explaining how to install, configure, and run ArgoCD in Kubernetes.

An advisory about an unpatched vulnerability affecting virtual machines in GCP. Attackers could take over virtual machines over the network due to weak random numbers used by the ISC DHCP software, and an unfortunate combination of additional factors.

How the Desired State Configuration (DSC) VM extension can be abused by anyone with the Contributor role in an Azure subscription to run arbitrary commands, with built-in functionality for recurring commands and persistence.

A reference design using step functions to integrate Jira with Security Scorecard.

Automation first no-code platform designed and developed for Security Orchestration and Response.

Cloud-native AuthN/AuthZ enforcer to protect your APIs.

Distribution is the open source code that is the basis of the container registry that is part of Docker Hub, and also many other container registries. It has been recently donated to the CNCF.

Pixie gives you instant visibility by giving access to metrics, events, traces and logs without changing code.

AWS announced the publication of the AWS Security Reference Architecture (AWS SRA). This is a comprehensive set of examples, guides, and design considerations that you can use to deploy the full complement of AWS security services in a multi-account environment that you manage through AWS Organizations.

Post outlining a mechanism that facilitates a healthy, data-driven dialogue between banks and regulators to better achieve compliance objectives.

IAM Access Analyzer extended policy validation by adding new policy checks that validate conditions included in IAM policies. These checks analyze the condition block in your policy statement and report security warnings, errors, and suggestions along with actionable recommendations.

AWS Lambda functions that are triggered from self-managed Apache Kafka topics can now access usernames and passwords secured by AWS Secrets Manager using SASL/PLAIN.

How to leverage Cloud Asset Inventory to analyze Secret Manager resources.

How to manually copy log entries that are already stored in Cloud Logging buckets to Cloud Storage buckets.

Google announced the release of container-native Cloud DNS, the native integration of Cloud DNS with GKE to provide in-cluster Service and Pod DNS resolution.