A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
Inside the Mind of the Hacker 2019 (Bugcrowd, Jun 23 2020)
A comprehensive overview of Bugcrowd’s security researcher community, the motivations for bug hunting and the economics of whitehat hacking.
Web skimming with Google Analytics (Securelist, Jun 22 2020)
Web skimming is a common class of attacks generally aimed at online shoppers. The principle is quite simple: malicious code is injected into the compromised site, which collects and sends user-entered data to a cybercriminal resource.
3 Big Amazon S3 Vulnerabilities You May Be Missing (Cloud Security Alliance, Jun 18 2020)
When there’s a data breach involving Amazon Web Services (AWS), more often than not it involves the Amazon S3 object storage service. The service is incredibly popular. Introduced way back in 2006 when few knew what the cloud was, S3 is highly scalable, reliable, and easy to use. But getting the security of S3 right—and making sure it stays that way—continues to confound many AWS customers.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~14,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Setting up advanced network threat detection with Packet Mirroring (Google Cloud Blog, Jun 17 2020)
“In public cloud environments, getting access to full network traffic can be challenging. Last year, we launched Packet Mirroring in beta, and we’re excited to announce that it’s now generally available. Packet Mirroring offers full packet capture capability, allowing you to identify network anomalies within and across VPCs, internal traffic from VMs to VMs, traffic between end locations on the internet and VMs, and also traffic between VMs to Google services in production.”
Cloud Threats and Priorities as We Head Into the Second Half of 2020 (Dark Reading, Jun 22 2020)
With millions working from home and relying on the cloud, security leaders are under increasing pressure to keep their enterprises breach-free.
Accreditation models for secure cloud adoption (AWS Security Blog, Jun 22 2020)
As part of its Secure Cloud Adoption series, AWS released new strategic outlook recommendations to support decision makers in any sector considering or planning for secure cloud adoption. “Accreditation Models for Secure Cloud Adoption” provides best practices with respect to cloud accreditation to help organizations capitalize on the security benefits of commercial cloud computing, while maximizing efficiency, scalability, and cost reduction.
Moving to cloud-based SIEM: the cost advantage (Microsoft Security, Jun 17 2020)
Companies weigh multiple factors in any technology implementation, balancing risks with business needs and IT capabilities. And while the same is true with cloud-based security information and event management (SIEM) solutions, cost overwhelmingly shapes the discussion as well.
Increasing election security monitoring in cloud computing – Microsoft on the Issues (Microsoft, Jun 23 2020)
“we have an exciting announcement we believe will help increase election security while enabling election officials to take advantage of the advanced capabilities of cloud computing.
For years, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency and state and local governments throughout the United States have worked with the non-profit Center for Internet Security, Inc. (CIS) to monitor the security of election-related data. This is enabled by Albert Network Monitoring, which examines internet traffic and connection attempts on networks owned and run by election officials – including voter registration systems, voter information portals and back-office networks.”
How to secure software in a DevOps world (Help Net Security, Jun 22 2020)
The COVID-19 pandemic and its impact on the world has made a growing number of people realize how many of our everyday activities depend on software. We increasingly work, educate ourselves, play, communicate with others, consume entertainment, go shopping and do many other things in the digital world, and we depend on software and online services/apps to make that possible.
Hybrid Cloud Definition Is Being Redefined (IT Pro, Jun 15 2020)
The evolving hybrid cloud definition will impact enterprise hybrid cloud strategy.