A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
Cybersecurity Firm Imperva Discloses Breach (Krebs on Security, Aug 27 2019)
“Imperva, a leading provider of Internet firewall services that help Web sites block malicious cyberattacks, alerted customers on Tuesday that a recent data breach exposed email addresses, scrambled passwords, API keys and SSL certificates for a subset of its firewall users.”
Nine AWS Security Hub best practices (AWS Security Blog, Aug 23 2019)
AWS Security Hub is a security and compliance service that became generally available on June 25, 2019. It provides you with extensive visibility into your security and compliance status across multiple AWS accounts, in a single dashboard per region. The service helps you monitor critical settings to ensure that your AWS accounts remain secure, allowing you to notice and react quickly to any changes in your environment.
Kubernetes Patches Recent HTTP/2 Vulnerabilities (SecurityWeek, Aug 23 2019)
Software updates released by Kubernetes this week address HTTP/2 implementation vulnerabilities that were disclosed earlier this month.
One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down to the best 20 per day and best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Growing cloud adoption introduces visibility gaps and security complications (Help Net Security, Aug 27 2019)
Nearly 55 percent struggle with a lack of integration between current security analytics tools and cloud infrastructure.
Approximately 43 percent faced a lack of threat insights targeting cloud environments.
Best Practices for DevOps in the Cloud (eWEEK, Aug 21 2019)
How can development teams shorten the development life cycle without sacrificing the integrity of the features and updates?
#OSSummit: Don’t Ignore GitHub Security Alerts (Infosecurity Magazine, Aug 27 2019)
“When we publish code and put it on GitHub and that code has a dependency on something and that something has a vulnerability, should we care?”
GitHub joins WebAuthn club (Naked Security – Sophos, Aug 27 2019)
GitHub is the latest company to support WebAuthn, a new standard that makes logging into online services using a browser more secure.
Instagram asks security researchers to check out ‘Checkout’ feature (SC Magazine, Aug 21 2019)
Instagram is reportedly recruiting white-hat researchers to test the security of its new Checkout feature, which allows users to buy merchandise from select brands without ever having to leave the social media app.
Microsoft Offers Up to $30,000 for Flaws in Chromium-Based Edge (SecurityWeek, Aug 23 2019)
Microsoft is offering up to $30,000 for vulnerabilities found in the new version of its Edge browser.
Hacker Finds Instagram Account Takeover Flaw Worth $10,000 (SecurityWeek, Aug 26 2019)
A researcher says he has received $10,000 from Facebook after finding another critical vulnerability that could have been exploited to hack Instagram accounts.
Hacker Drops Steam Zero Day After Being Banned From Valve Bug Bounty Program (VICE, Aug 27 2019)
Valve says banning him was a mistake, but he made the bug public anyway.
WordPress plugins vulnerable to redirects (SC Magazine, Aug 27 2019)
A number of new and old WordPress plugin vulnerabilities are being targeted in an attempt to redirect traffic from victims’ sites to a number of potentially harmful locations.
Bug Bounty Program Launched for Facebook’s Libra Cryptocurrency (SecurityWeek, Aug 27 2019)
The Libra Association, the organization in charge of Facebook’s Libra cryptocurrency, has launched a public bug bounty program with rewards of up to $10,000.