A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
How Hackers Changed Strategy with Cloud (Cloud Security Alliance, Jul 21 2020)
Within minutes of adding a new endpoint to the internet, a potential attacker has scanned it. A single cloud misconfiguration can put a target on your organization’s back and put your data at risk.
Learn and use 13 AWS security tools to implement SEC recommended protection of stored customer data in the cloud (AWS Security Blog, Jul 16 2020)
“In this post, I will introduce you to 13 key AWS tools that you can use to address different facets of data protection across different types of AWS storage services. As a structure for the post, I will explain the key findings and issues the SEC OCIE found, and will explain how these tools help you meet the toughest compliance obligations and guidance. These tools and use cases apply to other industries as well.”
New Attack Technique Uses Misconfigured Docker API (Dark Reading, Jul 15 2020)
A new technique builds and deploys an attack on the victim’s own system.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~15,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Level Up Your Kubernetes Security Skills at Black Hat USA (Dark Reading, Jul 16 2020)
Gain access to a broad spectrum of in-depth cybersecurity Briefings and Trainings.
Fortinet Buys Cloud Security Firm OPAQ (Dark Reading, Jul 21 2020)
The company plans to add zero-trust networking capabilities to its Secure Access Service Edge architecture.
Cloud Configuration Error Exposes 260,000+ Actors (Infosecurity Magazine, Jul 17 2020)
MyCastingFile database left unsecured online.
Fixing the Zoom ‘Vanity Clause’ – Check Point and Zoom collaborate to fix Vanity URL issue (Check Point Software, Jul 22 2020)
Zoom has fixed it, but here are the details. This scenario targeted the Vanity URL capability. Upon setting up a meeting, an attacker could change the invitation link URL to include any registered sub-domain. For instance, if the original invitation link was https://zoom[.]us/j/7470812100, the attacker could change it to https://[.]zoom[.]us/j/7470812100. A victim receiving such an invitation would have had no way of knowing that it did not actually come from the organization named in the sub-domain.
In addition, the attacker could also change the link from /j/ to /s/: https://[.]zoom[.]us/s/7470812100. Since an organization’s logo appears in some cases when such a URL is opened, this could have added a further layer of deception. Also, clicking the “Sign in to Start” button would often lead the victim to the organization’s legitimate portal. The net effect was that organizations using the Vanity URL capability could be impersonated.
Safety first: Announcing 11 new G Suite security features (Google Cloud Blog, Jul 21 2020)
“With so many people working remotely, it’s more important than ever that the tools we use to stay in touch and productive are safe and secure. That’s why today we’re announcing new updates that provide even stronger security in Gmail, Meet, and Chat. We’re also unveiling new ways to help IT admins easily manage and secure devices in the Admin Console.”