A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
Microsoft Launches ElectionGuard Bug Bounty Program (SecurityWeek, Oct 22 2019)
Microsoft last week announced the launch of a new bug bounty program covering the ElectionGuard open source software development kit (SDK).
Autoclerk Database Spills 179GB of Customer, US Government Data (Dark Reading, Oct 22 2019)
An open Elasticsearch database exposed hundreds of thousands of hotel booking reservations, compromising data from full names to room numbers.
Top cloud security controls you should be using (CSO Online Cloud Security, Oct 21 2019)
Here’s a look at why misconfiguration continues to be a common challenge with cloud services, followed by seven cloud security controls you should be using to minimize the risks.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~11,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
New Azure AD Feature Detects Unauthorized Access Attempts (SecurityWeek, Oct 22 2019)
Microsoft this week announced the public preview of a new feature that allows enterprise users to check their Azure Active Directory sign-ins for any unusual activity.
In latest $10B JEDI contract twist, Defense secretary recuses himself (TechCrunch, Oct 22 2019)
Secretary of Defense Mark Esper recused himself from the selection process because one of his kids works at a company that was involved earlier in the process.
Best practices for a more secure login in Google Cloud (Google Cloud Blog, Oct 17 2019)
“In this post, we look at two important account security features that can help you protect user accounts from bad actors:
Google’s automatic protections that work during login.
Two-step verification (2SV), also known as two-factor authentication (2FA) or multi-factor authentication (MFA).”
Trend Micro Tackles Cloud Misconfigurations with Latest Acquisition (Infosecurity Magazine, Oct 22 2019)
Aussie start-up Cloud Conformity was AWS Tech Partner of the Year 2019. Cloud Conformity offers a single pane of glass via which companies can gain complete visibility into their AWS and Azure environments, receive alerts and prioritize remediation to improve security, governance and compliance efforts.
DevSecOps Explained in 5 Minutes (DZone DevOps Zone, Oct 18 2019)
Traditionally, software development involved two separate siloed departments: development and operations. The developers were responsible for writing the code and the operatives were responsible for implementing and managing it.
As car manufacturers focus on connectivity, hackers begin to exploit flaws (Help Net Security, Oct 18 2019)
Car manufacturers offer more software features to consumers than ever before, and increasingly popular autonomous vehicles that require integrated software introduce security vulnerabilities.
About 50% of Apps Are Accruing Unaddressed Vulnerabilities (Dark Reading, Oct 22 2019)
In rush to fix newly discovered security issues, developers are neglecting to address older ones, Veracode study finds.
American Express, Discover, Mastercard and Visa launch faster and more secure online checkout (Help Net Security, Oct 22 2019)
…faster, more secure online checkout based on the new EMV Secure Remote Commerce (SRC) industry standard, establishing a simplified way for card payments to be made across web and mobile sites, mobile apps and connected devices.