A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
Bug Bounties: Deep Testing & Less for Traditional Flaws (Infosecurity Magazine, Aug 01 2019)
Bugcrowd also said that the average payout for critical vulnerabilities reached $2,669.92, a 27% increase over the last year. However, it claims that “researchers are no longer going after things like XSS, CSRF, and SSI as those are fairly easy to find by many scanners out there today” and are now doing deep testing, leading to the top five vulnerabilities
Three Weeks After Closing the Red Hat Deal, IBM Rolls Out New Cloud Offerings (IT Pro, Aug 02 2019)
Managed services and software optimized for Red Hat OpenShift and Linux aimed at helping enterprises move to the cloud.
Back to square one: The Capital One breach proved we must rethink cloud security (Darktrace Blog, Aug 05 2019)
The path forward is to use artificial intelligence to understand how users behave within a company’s perimeter walls.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Microsoft Opens Azure Security Lab, Raises Top Azure Bounty to $40K (Dark Reading, Aug 05 2019)
Microsoft has invited security experts to ‘come and do their worst’ to mimic cybercriminals in the Azure Security Lab.
Former Twitter CISO Launches Startup to Secure Cloud Collaboration (Dark Reading, Jul 31 2019)
Altitude Networks, led by Michael Coates and Amir Kavousian, aims to prevent accidental and malicious file sharing.
Orchestrating security policies across your hybrid cloud with intelligent data virtualization (Help Net Security, Jul 31 2019)
The proliferation of data is causing a security and governance challenge across the hybrid cloud. Estimates project the global datasphere will grow from 33 zettabytes in 2018 to 175 zettabytes by 2025.
Public cloud data continues to grow, headed toward $500 billion by 2023 (Help Net Security, Aug 05 2019)
The worldwide public cloud services market grew 27.4% year over year in 2018 with revenues totaling nearly $183 billion, according to IDC.
New protections for users, data, and apps in the cloud (Google Cloud Blog, Jul 31 2019)
“We continue to push our pace of security innovation, and today at Google Cloud Next ‘19 Tokyo, we’re announcing four new capabilities to help customers protect their users, data, and applications in the cloud.”
Introducing the “Preparing for the California Consumer Privacy Act” whitepaper (AWS Security Blog, Jul 31 2019)
AWS has published a whitepaper, Preparing for the California Consumer Privacy Act, to provide guidance on designing and updating your cloud architecture to follow the requirements of the California Consumer Privacy Act (CCPA), which goes into effect on January 1, 2020.
Cloud Security Alliance Releases New Threat List (Infosecurity Magazine, Aug 06 2019)
The Cloud Security Alliance has updated its three-year-old threat list with some new issues to look out for.
Securing DevOps Is About People and Culture (Dark Reading, Aug 06 2019)
Preconceived notions and divisions make building security into the software development life cycle an uphill battle for many organizations.
Vendor Blocks 65,000 Magecart Data Theft Attempts in July (Infosecurity Magazine, Aug 01 2019)
It shows that US shoppers account for the vast majority of those targeted, nearly 54% in total. Canadians came in second with nearly 16%, and then there is a long tail of countries including Germany (7%), the Netherlands (6%), France and the UK (5%) and Australia (3%).
4 million Club Penguin Rewritten accounts exposed in breach (Naked Security – Sophos, Aug 02 2019)
The hugely popular gaming site Club Penguin Rewritten suffered a serious data breach.
Pearson data breach impacts thousands of university accounts (SC Magazine, Aug 02 2019)
London-based educational software maker Pearson reported on Wednesday a data breach involving about 13,000 school and university AIMSweb 1.0 accounts.
Digital bank Monzo urges customers to change PINs following security breach (Help Net Security, Aug 06 2019)
Monzo, a UK-based mobile-only bank, has notified a subset of its users that their PINs have been inadvertently leaked into internal log files and were accessible to some of the company’s engineers.
GitHub ‘encourages’ hacking, says lawsuit following Capital One breach (Naked Security – Sophos, Aug 06 2019)
The class action names Capital One and GitHub as defendants, accusing GitHub of being "friendly" (at least) toward hacking and of hosting the hackers' posts.
Developer Bypasses Chrome’s Anti-Incognito Detection (SecurityWeek, Aug 06 2019)
Chrome 76 closed a loophole that allowed sites to detect when Incognito Mode was in use, but a bypass for the fix has already been discovered.