A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
Hackers Can Slip Invisible Malware into ‘Bare Metal’ Cloud Computers (Wired, Feb 26 2019)
Researchers point a tough-to-fix in some cloud computing setups: hackable firmware.
Experts Find Serious Problems With Switzerland’s Online Voting System (Motherboard, Feb 22 2019)
The public penetration test doesn’t begin until next week, but experts who examined leaked code for the Swiss internet voting system say it’s poorly designed and makes it difficult to audit the code for security and configure it to operate securely.
Flash “security bypass” list hidden in Microsoft Edge browser (Naked Security – Sophos, Feb 22 2019)
Until this month, the Edge browser could bypass its own warnings about Flash content on 58 websites, thanks to a hidden list.
8,000 Security News Articles
Since I started this curated newsletter in June 2017, I’ve clipped ~8,000 articles and narrowed them down into the best 20 per day. This is my favority way to stay abreast of the industry. Readers like you make this all worthwhile.
Thanks! – Lucas Samaras
Google Cloud Services Platform Now Runs On-Premises (eWEEK, Feb 26 2019)
Google is extending its Cloud Platform beyond the confines of its own data centers, enabling organizations to run its Cloud Services Platform on-premises. The beta of the Kubernetes-based Cloud Services Platform is now available, providing organizations with the ability to run Google cloud workloads on their own hardware infrastructure and manage it in a unified approach with workloads running in the public cloud.
As Businesses Move Critical Data to Cloud, Security Risks Abound (Dark Reading, Feb 20 2019)
Companies think their data is safer in the public cloud than in on-prem data centers, but the transition is driving security issues.
How are businesses facing the cybersecurity challenges of increasing cloud adoption? (Help Net Security, Feb 21 2019)
82 percent of cloud users have experienced security events due to confusion over the shared responsibility model. What’s more, only 10% of the polled CISOs fully understand the shared responsibility security model, compared with 25% of CIOs who report no confusion.
Exposure of sensitive data via cloud applications and services increases 20% (Help Net Security, Feb 22 2019)
98% of assessments discovered sensitive and confidential information exposed and available online and in the cloud; found primarily in Dropbox, Google G Suite, and Microsoft Office 365. This was an increase of 20% over 2018.
Researcher Earns $10,000 for Another XSS Flaw in Yahoo Mail (SecurityWeek, Feb 22 2019)
A researcher says he has discovered yet another critical cross-site scripting (XSS) vulnerability in Yahoo Mail. The recently patched flaw could have been exploited to steal the targeted user’s emails and attach malicious code to their outgoing messages.
Supermicro hardware weaknesses let researchers backdoor an IBM cloud server (Ars Technica, Feb 26 2019)
Other providers of bare-metal cloud computing might also be vulnerable to BMC hack.
DevOps Security Challenges (DZone, Feb 26 2019)
The DevOps ethos has introduced a change in how associations create, work, and keep up applications and IT frameworks, both on location and in cloud conditions. By mixing two generally separate IT universes, IT advancement and IT activities, a DevOps show totals numerous capacities — details and prerequisites, coding, testing, operational availability, usage, and the sky is the limit from there. DevOps is supplemented by lithe programming advancement forms, which advances cross-group arrangement and joint effort, just as the bespoke improvement.
Police bust their own radio shop manager for dodgy software updates (Naked Security – Sophos, Feb 27 2019)
Police allege that he updated radios with fraudulent software from a radio enthusiast who allegedly hacked encrypted radios for drug cartels.
Copy Formula Down