A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

Announcing the First AWS Security Conference: re:Inforce 2019 (AWS Blog, Nov 26 2018)
The inaugural AWS re:Inforce, a hands-on gathering of like-minded security professionals, will take place in Boston, MA on June 25th and 26th, 2019 at the Boston Exhibit and Conference Center. The cost for a full conference pass will be $1,099.

Amazon Low-Key Reveals Breach of Some Customer Data (Dark Reading, Nov 21 2018)
Some Amazon customers have reported receiving a vague email from the company alerting them that the website had exposed their names and email addresses.

Distributing Malware By Becoming an Admin on an Open-Source Project (Schneier on Security, Nov 28 2018)
The module “event-stream” was infected with malware by an anonymous someone who became an admin on the project.




AWS launches a base station for satellites as a service (TechCrunch, Nov 27 2018)
With this new service, AWS will provide ground antennas through their existing network of worldwide availability zones, as well as data processing services to simplify the entire data retrieval and processing process for satellite companies, or for others who consume the satellite data.

How federal agencies can leverage AWS to extend CDM programs and CIO Metric Reporting (AWS Security Blog, Nov 21 2018)
Continuous Diagnostics and Mitigation (CDM), a U.S. Department of Homeland Security cybersecurity program, is gaining new visibility as part of the federal government’s overall focus on securing its information and networks… This blog will explain how you can implement a CDM program—or extend an existing one—within your AWS environment, and how you can use AWS capabilities to provide real-time CDM compliance and FISMA reporting.

For recent big data software vulnerabilities, botnets and coin mining are just the beginning (Help Net Security, Nov 26 2018)
Any company using Hadoop or Spark should be certain they have the capability to detect and respond to vulnerabilities in these systems rapidly.

Orkus Exits Stealth Mode With Cloud Security Platform (SecurityWeek, Nov 26 2018)
Orkus on Monday emerged from stealth mode with a cloud security platform… The Orkus Access Governance Platform has four main components: Access Graph, Graph AI, Access Guardrails, and Access Intelligence.

Cylance introduces AI-powered cloud security solution for AWS (Help Net Security, Nov 27 2018)
CylancePROTECT now supports AWS Linux to protect application instances running on cloud services infrastructure from cyber threats, and its AI techniques further extend to the Cylance AI-powered endpoint detection and response (EDR) solution CylanceOPTICS to provide insight and threat hunting capabilities against those threats.

Tenable.io available on AWS Marketplace (Help Net Security, Nov 27 2018)
Tenable.io is a component of the Tenable Cyber Exposure platform, which provides visibility into cyber risk across IT, cloud, IoT and OT environments and the analytics to measure and communicate cyber risk in business terms to make better decisions.

Are KMS custom key stores right for you? (AWS Security Blog, Nov 26 2018)
You can use the AWS Key Management Service (KMS) custom key store feature to gain more control over your KMS keys. The KMS custom key store integrates KMS with AWS CloudHSM to help satisfy compliance obligations that would otherwise require the use of on-premises hardware security modules (HSMs) while providing the AWS service integrations of KMS.

8 common reasons why enterprises migrate to the cloud (Google Cloud Blog, Nov 28 2018)
1. Data center contract renewals, 2. Acquisitions, 3. Increased capacity requirements, 4. Software and hardware refresh cycles, 5. Security threats, 6. Compliance needs, 7. Product development benefits, and 8. End-of-life events

How to develop secure applications using Azure Cosmos DB (Microsoft Azure Blog, Nov 21 2018)
Azure Cosmos DB is a ring zero Azure service. This means it will be available in any new Azure data center as soon as it goes online and must keep all its compliance certificates current.

3 Tips to Build A DevSecOps Organization (DevOps, Nov 28 2018)
To evolve from DevOps to DevSecOps, an organization must focus on integrating security into the very fabric of the software development cycle, and work to increase intelligence, situational awareness, and collaboration.

JavaScript library used for sneak attack on Copay Bitcoin wallet (Naked Security – Sophos, Nov 28 2018)
A mystery payload sneaked into a hugely popular JavaScript library was part of a plot to ransack Bitcoins from BitPay’s Copay mobile cryptocoin wallet, it has been alleged.