A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

Capital One Data Theft Impacts 106M People (Krebs on Security, Jul 30 2019)
“The FBI says Capital One learned about the theft from a tip sent via email on July 17, which alerted the company that some of its leaked data was being stored out in the open on the software development platform Github. That Github account was for a user named “Netcrave,” which includes the resume and name of one Paige A. Thompson.”

Azure publishes guidance for secure cloud adoption by governments (Microsoft Azure Blog, Jul 25 2019)
To help governments worldwide get answers to common cloud security related questions, Microsoft published a white paper, titled Azure for Secure Worldwide Public Sector Cloud Adoption. This paper addresses common security and isolation concerns pertinent to worldwide public sector customers.

Software Developers and Security (Schneier on Security, Jul 25 2019)
According to a survey: “68% of the security professionals surveyed believe it’s a programmer’s job to write secure code, but they also think less than half of developers can spot security holes.” And that’s a problem.


One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Cloud adoption and security are not mutually exclusive (Help Net Security, Jul 29 2019)
Many don’t realize that the thing that makes cloud computing great – speed, agility, easy implementation and scalability – also makes it a nightmare for many security departments.

Global IaaS market reached $32.4 billion in 2018, total growth was 31.3% (Help Net Security, Jul 30 2019)
The worldwide infrastructure as a service (IaaS) market grew 31.3% in 2018 to total $32.4 billion, up from $24.7 billion in 2017, according to Gartner. Amazon was once again the No. 1 vendor in the IaaS market in 2018, followed by Microsoft, Alibaba, Google and IBM.

Microsoft Makes Azure Security Center for IoT Generally Available (SecurityWeek, Jul 30 2019)
Microsoft this week announced the general availability of Azure Security Center for Internet of Things (IoT) devices.

Security a Top Concern as Containerization Gathers Pace (SecurityWeek, Jul 30 2019)
Within the increasing adoption of container technology, two things stand out: hybrid on-prem and cloud configurations are growing, and Kubernetes dominates. At the same time, concern over investment in security remains high.

Container Security Is Falling Behind Container Deployments (Dark Reading, Jul 30 2019)
Organizations are increasingly turning to containers even though they are not as confident in the security of those containers, according to a new survey.

Secure Your Cloud Estate with Continuous Audits (Chef Blog, Jul 25 2019)
Chef customers have access to a library of pre-created resources, including benchmarks created by the Center for Internet Security (CIS) that turn security best practices into specific, actionable controls that can be run against the systems you manage.

A Security-First Approach to DevOps (Dark Reading, Jul 29 2019)
Aware of the risks inherent in software, businesses are recognizing the need for application security.

DEF CON Invites Kids to Crack Campaign Finance Portals (Dark Reading, Jul 24 2019)
DEF CON’s Voting Village and AI Village team up with r00tz Asylum to let kids explore simulated campaign financial disclosure portals and disinformation campaigns.

Authenticated XSS Found in WordPress Plugin Facebook Widget (SecurityWeek, Jul 29 2019)
The WordPress plugin Facebook Widget (Widget for Facebook Page Feeds), which was recently closed on the WordPress plugin directory, is affected by an authenticated persistent Cross-Site Scripting (XSS) vulnerability, Plugin Vulnerabilities reports.