A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
Zoom Removes Code That Sends Data to Facebook (VICE, Mar 30 2020)
The change comes after Motherboard found the Zoom iOS app was sending analytics information to Facebook when users opened the app.
How to Secure Online Coding Platforms (DevOps, Apr 01 2020)
The evolution of DevOps teams and a greater reliance on cloud-based computing have completely changed the coding process. Now, with Integrated Development Environments (IDEs), coding can be done entirely online. This is convenient, but are online IDEs secure? To answer this, we will focus on two popular cloud-based IDEs: AWS Cloud9 and Visual Studio Online.
New Marriott Data Breach Affects 5.2 Million Guests (Infosecurity Magazine, Mar 31 2020)
Hotel chain Marriott International suffers second data breach.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~13,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Palo Alto Networks to Buy CloudGenix for $420M (Dark Reading, Mar 31 2020)
Palo Alto Networks plans to integrate CloudGenix’s SD-WAN technology into its Prisma SASE platform following the deal.
Amazon Detective – Rapid Security Investigation and Analysis (AWS News Blog, Mar 31 2020)
Amazon Detective is a fully managed service that empowers users to automate the heavy lifting involved in processing large quantities of AWS log data to determine the cause and impact of a security issue. Once enabled, Detective automatically begins distilling and organizing data from AWS GuardDuty, AWS CloudTrail, and Amazon Virtual Private Cloud Flow Logs into a graph model that summarizes the resource behaviors and interactions observed across your entire AWS environment.
TLS 1.2 to become the minimum for all AWS FIPS endpoints (AWS Security Blog, Mar 31 2020)
To improve security for data in transit, AWS will update all of our AWS Federal Information Processing Standard (FIPS) endpoints to a minimum of Transport Layer Security (TLS) version 1.2 over the next year. This update will deprecate the ability to use TLS 1.0 and TLS 1.1 on all FIPS endpoints across all AWS Regions by March 31, 2021. No other AWS endpoints are affected by this change.
Security lapse exposed Republican voter firm’s internal code (TechCrunch, Mar 31 2020)
The exposed cache of code contained app secrets and internal passwords.