A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

Linux container bug could eat your server from the inside – patch now! (Sophos, Feb 12 2019)
Crooks could take over your network thanks to a critical bug in a popular Linux containerisation toolkit… here’s what you need to know.

Google Open Sources Fuzzing Platform (SecurityWeek, Feb 08 2019)
Google announced this week that it has open sourced ClusterFuzz, the fuzzing infrastructure it built to help finding memory corruption bugs in Chrome.

“Catastrophic” hack on email provider destroys almost two decades of data (Ars Technica, Feb 12 2019)
VFEmail says data for virtually all US users is gone for good.

8,000 Security News Articles
Since I started this curated newsletter in June 2017, I’ve clipped ~8,000 articles and narrowed them down into the best 20 per day. This is my favority way to stay abreast of the industry. Readers like you make this all worthwhile.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Infosec pros believe data isn’t secure in the cloud, despite desire for mass adoption (Help Net Security, Feb 08 2019)
65 percent of infosecurity professionals would like to store object data in the cloud, but 47 percent either don’t believe or are not sure if data in the cloud is as secure as in their own data center, according to a study by Ponemon Institute.

OkCupid Denies Data Breach Amid Account Hack Complaints (Dark Reading, Feb 11 2019)
Users on the dating website report hackers breaking into their accounts, changing email addresses, and resetting passwords.

Haven Cyber Technologies acquires Onevinn (Help Net Security, Feb 10 2019)
Haven Cyber Technologies (“Haven”) announces its acquisition of Onevinn, the leading Swedish provider of Microsoft cloud security services and solutions. The acquisition reflects Haven’s continued focus on strengthening its solutions, products and consulting competencies and becoming the leading European Managed Security Service Provider (MSSP). Onevinn offers security solutions for the cloud and the mobile connected world.

DevOps and DevSecOps developments to watch in 2019 (Help Net Security, Feb 08 2019)
“Some predictions are more accurate than others. Last year, I was sure that serverless would finally overtake containers—but then 2018 turned out to be the year of Kubernetes. In the San Francisco Bay Area, you couldn’t throw a rock without hitting an engineer talking about Kubernetes (or cryptocurrency, but let’s not go there.) That’s not stopping me from offering a fresh batch of hot-off-the-press predictions about DevOps and DevSecOps for 2019.”

Mumsnet Privacy Snafu Exposes User Info (Infosecurity Magazine, Feb 11 2019)
Cloud migration headache hits popular parenting site

Chrome OS Network Manager Sandboxed, Stripped of Root Privileges (SecurityWeek, Feb 11 2019)
The latest version of Google’s Chrome OS operating system brings some significant security improvements related to the Shill network manager, including a sandbox and fewer privileges.

Symantec Acquires Luminate to Build on Cloud Security (Dark Reading, Feb 12 2019)
Luminate Security, which specializes in software-defined perimeter technology, will extend Symantec’s integrated defense platform.

Application Security Firm ShiftLeft Raises $20 Million (SecurityWeek, Feb 12 2019)
Application security firm ShiftLeft on Tuesday announced that it raised $20 million in a Series B funding round, which brings the total raised by the company to nearly $30 million.

Exploring container security: Encrypting Kubernetes secrets with Cloud KMS (Cloud Blog, Feb 07 2019)
In a default Kubernetes installation, Kubernetes secrets are stored in etcd in plaintext. In GKE, this is managed for you: GKE encrypts these secrets on disk, and monitors this data for insider access. But this might not be enough to protect those secrets from a potentially malicious insider, or a malicious application in your environment.

Modernizing security with cloud native computing (Cloud Blog, Feb 06 2019)
Emerging cloud native devices can help organizations overcome some of the most significant security and administrative challenges, improving on the inflexible systems of the past. Above all, they can help ensure that highly-mobile cloud workers have a better, more productive and secure experience in the digital workplace.