A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

How AV Software Can Be Turned Into a Tool for Spying (NY Times, Jan 02 2018)
Government officials warn that software from Kaspersky Lab could be subverted by Russian intelligence. A security researcher shows how it could be done.

The Most Viewed AWS Security Blog Posts in 2017 (AWS Security Blog, Jan 03 2018)
1) Coming Soon: Improvements to How You Sign In to Your AWS Account
2) Attach an AWS IAM Role to an Existing Amazon EC2 Instance by Using the AWS CLI
3) AWS and the General Data Protection Regulation (GDPR)
4) How to Protect Data at Rest with Amazon EC2 Instance Store Encryption
5) s2n Is Now Handling 100 Percent of SSL Traffic for Amazon S3
6) Easily Replace or Attach an IAM Role to an Existing EC2 Instance by Using the EC2 Console
7) How to Monitor Host-Based Intrusion Detection System Alerts on Amazon EC2 Instances
8) How to Prepare for AWS’s Move to Its Own Certificate Authority
9) Introducing AWS Single Sign-On
10) How to Visualize and Refine Your Network’s Security by Adding Security Group IDs to Your VPC Flow Logs

Understanding and Selecting a Secrets Management Platform (CyberArk, Jan 02 2018)
For organizations that take advantage of DevOps’s agility without adequately securing the secrets and credentials used in their DevOps environment, there is urgency to take action. DevOps automation not only builds and deploys apps at scale, but it also creates and assigns credentials and secrets at scale. If these secrets aren’t adequately secured and protected, then as the apps scale, the enterprise creates an ever-increasing technical debt of vulnerabilities. Basically, the problem may be getting worse, at scale.


Adding Value to Native Cloud Application Security with CASB (Cloud Security Alliance Blog, Dec 27 2017)
Many companies are starting to look at Cloud Access Security Broker (CASB) technology as an extra layer of protection for critical corporate data as more and more business processes move to the cloud. CASB technologies protect critical corporate data stored within cloud apps. Among their preventative and detective controls, a key feature is the ability to encrypt data stored within cloud apps.

What Does Managed Kubernetes Mean, Anyway? (Container Journal, Jan 03 2018)
As Kubernetes has come to dominate the container world, managed Kubernetes has become an important strategy for companies seeking to monetize Kubernetes. But what does “managed Kubernetes” actually mean? That depends on whom you ask.

Microsoft Adopts Kubernetes to Scale Machine Learning Cloud Workloads (eWEEK, Dec 28 2017)
Microsoft and AI specialist Litbit collaborate on an AI system that uses Kubernetes to automatically scale unpredictable machine learning workloads.

Browser data leakage bug – Mozilla to delete info just in case (Naked Security – Sophos, Dec 30 2017)
An ironic bug – when Firefox hit a bug and crashed, it could then hit another bug and upload crash report data even if you’d told it not to.

How to Encrypt Amazon S3 Objects with the AWS SDK for Ruby (AWS Security Blog, Dec 27 2017)
“Recently, Amazon announced some new Amazon S3 encryption and security features. The AWS Blog post showed how to use the Amazon S3 console to take advantage of these new features. However, if you have a large number of Amazon S3 buckets, using the console to implement these features could take hours, if not days. As an alternative, I created documentation topics in the AWS SDK for Ruby Developer Guide that include code examples showing you how to use the new Amazon S3 encryption features using the AWS SDK for Ruby.”

VMware Issues 3 Critical Patches for vSphere Data Protection (Threatpost, Jan 03 2018)
VMware released three patches fixing critical vulnerabilities affecting its vSphere cloud computing virtualization platform.