A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

Open Source Vulnerabilities Increased By 130% in 2019 (Infosecurity Magazine, Jun 08 2020)
Open source software vulnerabilities are at historically high levels

Will Vote-by-App Ever Be Safe? (Dark Reading, Jun 09 2020)
Even with strong security measures, Internet voting is still vulnerable to abuse from state-sponsored actors and malicious insiders.

What’s new in Google Cloud firewalls (Google Cloud Blog, Jun 10 2020)
“Firewalls are an integral part of almost any IT security plan. With our native, fully distributed firewall technology, Google Cloud aims to provide the highest performance and scalability for all your enterprise workloads.

We also know that the more control and flexibility you have, the more secure you can be. With that in mind, today we’re adding some new firewall features that provide even more flexibility, control, visibility, and optimization.”
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Amazon Web Services (A Day In The Life Of…, Jun 05 2020)
A list of what most every AWS service does in a single one-liner to give you a global overview.

More S3 Buckets Compromised with Magecart and Malicious Redirector (Infosecurity Magazine, Jun 09 2020)
Malicious code spread via misconfigured AWS infrastructure

Magecart skimmer strikes Fitness Depot at checkout (SC Media, Jun 09 2020)
A Magecart credit card skimmer scheme used on Canadian fitness equipment retailer Fitness Depot’s e-commerce system Feb. 18 affected an undisclosed number of customers requesting either at-home delivery or in-store pickup at one of the company’s 40 stores.

Google Researcher Finds Vulnerability in VMware Virtualization Products (SecurityWeek, Jun 10 2020)
VMware this week informed customers that it has patched a high-severity information disclosure vulnerability affecting its Workstation, Fusion and vSphere virtualization products.

Misconfigured Public Cloud Databases Attacked Within Hours of Deployment (SecurityWeek, Jun 10 2020)
More Data May be Lost Through Misconfigured Public Cloud Databases Than We Are Led to Believe

Despite investing in DevOps tools and practices, teams still encounter customer-impacting errors (Help Net Security, Jun 05 2020)
An overwhelming majority of organizations prioritize software quality over speed, yet still experience customer-impacting issues regularly, according to OverOps.

Cooking up secure code: A foolproof recipe for open source (Help Net Security, Jun 04 2020)
The use of open source code in modern software has become nearly ubiquitous. It makes perfect sense: facing ever-increasing pressure to accelerate the rate at which new applications are delivered, developers value the ready-made aspect of open source components, which they can plug in where needed rather than building a feature from the ground up.

Firefox fixes cryptographic data leakage in latest security update (Naked Security – Sophos, Jun 03 2020)
How time flies – the latest four-weekly Firefox update is out.

Apple hopes to bolster password security with open source project (WeLiveSecurity, Jun 08 2020)
The tech giant wants developers of password managers to collaborate for better user experience and security

DARPA Bug Bounty Program Seeks to Harden SSITH Hardware Protections (SecurityWeek, Jun 10 2020)
The Defense Advanced Research Projects Agency (DARPA) is running a bug bounty program in an effort to find security vulnerabilities in a new, advanced implementation of the System Security Integration Through Hardware and Firmware (SSITH) program.