A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
Crooks Continue to Exploit GoDaddy Hole (Krebs on Security, Feb 04 2019)
“Spammy Bear targeted dormant but otherwise legitimate domains that had one thing in common: They all at one time used GoDaddy’s hosted Domain Name System (DNS) service. Researcher Ron Guilmette discovered that Spammy Bear was able to hijack thousands of these dormant domains for spam simply by registering free accounts at GoDaddy and telling the company’s automated DNS service to allow the sending of email with those domains from an Internet address controlled by the spammers.”
Chrome’s hidden lookalike detection feature battles URL imposters (Naked Security – Sophos, Feb 04 2019)
Chrome now checks for misspellings of popular URLs and will display a link to the site that it thinks the user might have wanted to visit.
Guidelines for protecting your AWS account while using programmatic access (AWS Security Blog, Feb 06 2019)
One of the most important things you can do as a customer to ensure the security of your resources is to maintain careful control over who has access to them. This is especially true if any of your AWS users have programmatic access.
8,000 Security News Articles
Since I started this curated newsletter in June 2017, I’ve clipped ~8,000 articles and narrowed them down into the best 20 per day. This is my favorite way to stay abreast of the industry. Readers like you make this all worthwhile.
Thanks! – Lucas Samaras
Rubrik Data Leak is Another Cloud Misconfiguration Horror Story (Dark Reading, Jan 30 2019)
A server security mishap exposed vast stores of data belonging to clients of Rubrik, a security and cloud management firm.
Cloud Security Firm Aporeto Raises $20 Million (SecurityWeek, Jan 31 2019)
Cloud security firm Aporeto on Wednesday announced that it raised $20 million in a Series B funding round, which brings the total raised by the company to date to $34.5 million.
Mitigating the Security Risks of Cloud-Native Applications (Dark Reading, Feb 05 2019)
While containers can create more secure application development environments, they also introduce new security challenges that affect security and compliance.
Exploring the Challenges of Cloud Migration for Federal Agencies (eWEEK, Feb 06 2019)
Cloud migration poses a number of challenges for federal agencies, from technical factors like security and networking to cultural factors like the change in mindset from on-premise to cloud infrastructure. Our experts discuss these challenges and provide practical advice to federal agencies that need help with cloud migrations.
Serverless Computing: ‘Function’ vs. ‘Infrastructure’ as-a-Service (Dark Reading, Feb 06 2019)
How much do companies really gain from offloading security duties to the cloud? Let’s do the math.
vArmour, a security startup focused on multi-cloud deployments, raises $44M (Enterprise – TechCrunch, Feb 06 2019)
vArmour, which provides a platform to help manage security policies across disparate public and private cloud environments in one place, is announcing today that it has raised a growth round of $44 million.
GitHub Helps Developers Keep Dependencies Secure via Dependabot (SecurityWeek, Jan 31 2019)
Microsoft-owned GitHub informed developers on Thursday that they can easily ensure that the dependencies used by their applications are always secure and up to date through an integration of its Security Advisory API with Dependabot.
Study: CISOs Need to Take Charge of DevOps Security (DevOps, Feb 06 2019)
With all of these difficulties, what can the IT and DevOps teams do to increase security? How can the CISO help make security a central part of the app development process?
What Frameworks and Languages are Developers Using in 2019? (eWEEK, Feb 04 2019)
HackerRank surveyed over 71,000 developers to better understand how developers are working today, providing multiple insights into the programming languages and frameworks that are most in demand.
Check-in Links Sent by Several Airlines Expose Passenger Data (SecurityWeek, Feb 06 2019)
The check-in links sent to customers by several major airlines from around the world can allow hackers to obtain passengers’ personal information and possibly make changes to their booking.