A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

MITRE Releases 2019 List of Top 25 Software Weaknesses (Dark Reading, Sep 17 2019)
The list includes the most frequent and critical weaknesses that can lead to serious software vulnerabilities.

Leaky database spills data on 20 million Ecuadorians and businesses (Naked Security – Sophos, Sep 18 2019)
Included are deep details on 7 million minors, one grownup named Julian Assange, and perhaps a few million deceased Ecuadorians.

The Air Force Will Let Hackers Try to Hijack an Orbiting Satellite (Wired, Sep 17 2019)
At the Defcon hacking conference next year, the Air Force will bring a satellite for fun and glory.


One of My Favorite Things
Since I started this curated newsletter in June 2017, I’ve clipped ~10,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Oracle Launches New Services to Secure the Cloud (SecurityWeek, Sep 17 2019)
Oracle this week expanded its portfolio with three new services designed to help automatically protect cloud workloads and data. The new services, Oracle Data Safe, Oracle Cloud Guard and Oracle Cloud Maximum Security Zones, deliver centralized security configuration and posture management capabilities, while also automating the enforcement of security practices.

Five Common Cloud Configuration Mistakes (Dark Reading, Sep 17 2019)
It’s a joint responsibility to keep data safe in the cloud. Here’s what cloud customers must do to keep their end of the bargain.

Managing your cloud in the face of the California Consumer Privacy Act (SC Magazine, Sep 13 2019)
The California Consumer Privacy Act of 2018 (CCPA) was approved by the California State Governor on June 28, 2018, and goes into effect on January 1, 2020. The CCPA law sets new leading-edge standards in data privacy, not only for the State of California, but also for the rest of the United States.

The rise of modern applications, DevSecOps and the intelligence economy (Help Net Security, Sep 13 2019)
As customers adopt multi-cloud, Kubernetes adoption significantly rises. Enterprises are betting on Kubernetes to drive their multi-cloud strategies.

20% of customers in AWS-only environments use Kubernetes
23% of customers on AWS and Azure use Kubernetes
59% of customers on AWS and GCP use Kubernetes
More than 80% of customers on all three clouds use Kubernetes

VA adopts DevOps, agile methodology to improve cybersecurity (Federal News Network, Sep 13 2019)
The Department of Veterans Affairs has been going through a transformation for years, and a huge part of that centers on technology modernization and the agency’s adoption of DevOps and Agile methodologies.

Instagram Bug Put User Account Details, Phone Numbers at Risk (Dark Reading, Sep 12 2019)
It’s the latest in a series of bad news for Facebook, which recently patched an account-takeover flaw in Instagram that would have let an attacker take over any account by resetting its password. Earlier this month, 419 million phone numbers belonging to Facebook users were found publicly accessible in a third-party database left online without password protection.

Apps vulnerable to SQL injection via virtual assistant verbal commands (SC Magazine, Sep 17 2019)
Malicious hackers can use verbal commands to perform SQL injections on web-based apps run by virtual assistants such as Amazon’s Alexa.