A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

122+ announcements from Google Cloud Next ‘19 (Google Cloud Blog, Apr 12 2019)
“It was a lot to digest, but we’ve boiled it down here into all the announcements from the week across infrastructure, application development, data management, smart analytics and AI, productivity, partnerships, and more.”

Majority of Hotel Websites Leak Guest Booking Info (Dark Reading, Apr 10 2019)
Third parties such as ad, search engine, and analytics firms often have access to guest name, address, phone numbers, credit cards and other data, Symantec says.

Microsoft’s Edge browser reborn after Chromium makeover (Naked Security – Sophos, Apr 15 2019)
After three years of embarrassing rejection, might Microsoft’s newly-Chromed Edge browser be on the up?


8,000 Security News Articles
Since I started this curated newsletter in June 2017, I’ve clipped ~8,000 articles and narrowed them down into the best 20 per day. This is my favorite way to stay abreast of the industry. Readers like you make this all worthwhile.
Thanks! – Lucas Samaras

Google Cloud makes some strong moves to differentiate itself from AWS and Microsoft (TechCrunch, Apr 11 2019)
Google Cloud held its annual customer conference, Google Cloud Next, this week in San Francisco. It had a couple of purposes. For starters, it could introduce customers to new CEO Thomas Kurian for the first time since his hiring at the end of last year. And secondly, and perhaps more importantly, it could demonstrate that it can offer a value proposition that is distinct from AWS and Microsoft.

Google Boosts Cloud Security, Transparency and Identity (eWEEK, Apr 10 2019)
At Google Next, new and enhanced services debut to provide organizations with improved visibility and control over cloud resources, to help limit potential security risks.

Cloud Security Firm Bitglass Raises $70 Million (SecurityWeek, Apr 10 2019)
Silicon Valley-based cloud security firm Bitglass this week announced that it raised $70 million in a Series D funding round, which brings the total raised by the company to date to over $150 million.

Forming the Cloud Security Center of Excellence (DisruptOps, Apr 15 2019)
“We spend a lot of time talking to cloud security professionals, basically trying to figure out the best ways to get their jobs done in largely uncharted territory. Cloud technology is evolving at an unprecedented rate, empowering line of business users to move fast and not ask permission from IT or Security. Of course this can result in an unmanaged environment, with many traditional governance models rendered useless by the accessibility and ease of using the cloud. This is what we call cloud chaos.”

What is driving organizations’ cloud adoption? (Help Net Security, Apr 16 2019)
The top cloud providers for 2018 have maintained their positions: AWS is leading the pack (67 percent), followed by Microsoft Azure (60 percent) and Google Cloud (26 percent).

DevOps and Security: Be Ready to Shield Your Application (DevOps, Apr 16 2019)
All of us have heard of continuous improvement/continuous delivery (CI/CD). There are many benefits to implementing CI/CD, as it helps seamless integration from end to end for development and deployment processes. CI/CD helps in rapid improvement, shorter release cycles and more, but it also helps with the challenge of handling security effectively at DevOps speed.

Safe Harbor Programs: Ensuring the Bounty Isn’t on White Hat Hackers’ Heads (Dark Reading, Apr 10 2019)
As crowdsourced security-testing surges in popularity, companies need to implement safe harbor provisions to protect good-faith hackers — and themselves.

Facebook admits “supply chain data leak” in new Oculus headsets (Naked Security – Sophos, Apr 14 2019)
The problem with IT-related Easter Eggs these days, especially if they’re programmatically embedded into software, firmware or websites, is that hidden features are generally regarded as a very bad thing indeed.

Facebook Pays $120,000 in Bounties at BountyCon (SecurityWeek, Apr 12 2019)
Facebook and Google have wrapped up the first edition of their BountyCon Asia-Pacific bug hunting conference, which resulted in $120,000 awarded in bounties.

Adblock Plus Exploit allows threat actors to read Gmail and other Google services (SC Magazine, Apr 16 2019)
Independent security researcher Armin Sebastian discovered a vulnerability in Adblock Plus which can allow hackers to read a victim’s Gmail and look into other Google services. Adblock Plus is the world’s most popular free advertisement blocker with millions of users and extensions that run in all the major web browsers including Chrome, Edge, Firefox, Opera and Safari.