If you rely on Docker or runc now is a great time to update: blog.cloudsecuritypartners.com/secure-your-co…

Ten months ago, we launched the Vesuvius Challenge to solve the ancient problem of the Herculaneum Papyri, a library of scrolls that were flash-fried by the eruption of Mount Vesuvius in 79 AD. Today we are overjoyed to announce that our crazy project has succeeded. After 2000

I continue to be impressed by 🦊 GitLab's mission to make it so that anyone can contribute. Working with a client, I was trying to understand some of the controls around GitLab Secrets Manager. They published the ADR: docs.gitlab.com/ee/architectur…

Looking forward to teaching this course! I'm coming prepared with more memes and more tips.

Love is in the air, and so is our passion for Cloud Security. 💗 🔒 Need a team that's dedicated to protecting your tech stacks? We're your match. #CloudSecurity

It appears that there is a phishing campaign going around trying to steal AWS credentials. Be on the lookout in your organization! Major thank you to those sharing these in the AWS Security Forum.

Here at Cloud Partners, we recommend our clients adopt Infrastructure as Code (IaC) for early detection of security vulnerabilities, version control, consistent environments, and much more! Check out our blog post on IaC and Terraform! #iac #Security blog.cloudsecuritypartners.com/the-security-b…

DOMPurify is an amazing sanitization library, which I regularly recommend to customers. But even well-maintained libraries will suffer from vulnerabilities from time-to-time. RyotaK and team shared a great example!

One of my favorite talks I attended was at HOPE X, 9 years ago. Deviant Ollam ツ and Sgt. Howard Payne dropped some knowledge on elevator hacking, which has stuck with me to this day. You will learn amazing things you never expected to hear about. Get a ticket while you can.

As a kid, the magic of software was that I could sit down and make something with no license, degree, or ~money. Gotta say, publishing an iOS app from scratch today is a verrry diff vibe. I wonder how many young people's ideas we've lost at "and now register for a DUNs number."

Heads-Up: Many of the current generation of Amazon RDS and Amazon Aurora SSL/TLS certificates will expire in 2024 and you need to rotate them ASAP. Learn more at aws.amazon.com/blogs/aws/rota… #AWS

Thank you to everyone who brought this article to our attention. We agree that customers should not have to pay for unauthorized requests that they did not initiate. We’ll have more to share on exactly how we’ll help prevent these charges shortly. #AWS #S3 How an empty S3

Fairly certain I spend half my time online selecting which cookies I want sites to be able to access. How did we get ourselves into this mess?

Amen to the 30/90 password resets. If you are reading this and your enterprise is doing this, I’m here to tell you right now this type of password policy at your org is doing more harm than good.

I know folks still have annual security budget. This training is like the gift that keeps on giving. Good virtual training is hard to come by - don’t miss this one.

No solutions yet for the challenge. Anyone up for some Actions exploitation?

Michael McCabe de Cloud Security Partners nos explica como asegurar nuestra infraestructura con Terraform, incluyendo sus vulnerabilidades y las mejores prácticas para proteger los sistemas de IAC. youtu.be/OxtUkgs6JHc #HackGDL #HackGDL2025 #hacking #cybersecurity #Mexico

Looking forward to giving a webinar tomorrow on Defense-in-Depth engineering. We’ll talk through four key areas to help harden our applications and systems, including real tangible examples that folks can start utilizing right away. us02web.zoom.us/webinar/regist…

A couple reflections on the quantum computing breakthrough we just announced... Most of us grew up learning there are three main types of matter that matter: solid, liquid, and gas. Today, that changed. After a nearly 20 year pursuit, we’ve created an entirely new state of