A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
Red Hat DevSecOps Strategy Centers on Quay (Container Journal, Jan 06 2020)
Red Hat is moving toward putting the open source Quay container registry at the center of its DevSecOps strategy for securing containers. The latest 3.2 version of Quay adds support for Container Security Operator, which integrates Quay’s image vulnerability scanning capabilities with Kubernetes.
Breaking Down the OWASP API Security Top 10 (Part 2) (Checkmarx, Jan 06 2020)
… the first five (5) risks and emphasized some of the possible attack scenarios in the context of the risks. In this article, I will attempt to clarify the last five (5) risks to help organizations understand the dangers associated with deficient API implementations.
Google Shifts to 90-Day Bug Disclosures by Default (Infosecurity Magazine, Jan 08 2020)
Project Zero team hopes it will improve thoroughness and adoption of patches
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~12,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Organizations May ‘Uncloud’ Over Security, Budgetary Concerns (Dark Reading, Jan 03 2020)
While most cloud vendors forecast continued adoption and growth, some customers are taking a harder look at the cloud services they’re using
What Tools Will Find Misconfigurations in My AWS S3 Cloud Buckets? (Dark Reading, Jan 06 2020)
Most of these tools are available for free on GitHub. S3-inspector, S3Scanner, and Bucket Finder are a few that will uncover buckets and misconfigurations.
API Security in DevOps: Are We Too Comfortable? (DevOps, Jan 08 2020)
API logging and review can be put in place to notice odd behavior by username, and offer early warning that a user has been compromised. But it will only catch most issues.
U.K. Examines if Cyberattack Triggered London Stock Exchange Outage (WSJ, Jan 06 2020)
U.K. government agencies are examining whether a trading outage blamed on a software hiccup at the London Stock Exchange in August may actually have been caused by a cyberattack aimed at disrupting markets, according to people familiar with the matter.
Software Glitch Affects 14,000 New York City Parking Meters (WSJ, Jan 06 2020)
A software glitch has left 14,000 electronic parking meters across New York City unable to read credit cards since the start of the new year, city officials said.
TikTok Bugs Could Have Allowed Account Takeovers (Wired, Jan 08 2020)
As the social media app continues to gain popularity, security researchers are taking a closer look under the hood.