A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
IT Pros Name Misconfiguration #1 Cloud Security Threat (Infosecurity Magazine, Aug 13 2020)
Check Point report reveals skills shortage is biggest barrier to adoption. The top four threats were cited as: misconfiguration (68%), unauthorized cloud access (58%), insecure interfaces (52%), and account hijacking (50%).
Chrome 86 will prominently warn about insecure forms on secure pages (Help Net Security, Aug 18 2020)
Entering information into and submitting it through insecure online forms will come with very explicit warnings in the upcoming Chrome 86, Google has announced. The browser will show a warning when a user begins filling out a mixed form (a form on an HTTPS site that does not submit through an HTTPS channel) and when a user tries to submit a mixed form.
How to Stay Secure on GitHub (Dark Reading, Aug 18 2020)
GitHub, used badly, can be a source of more vulnerabilities than successful collaborations. Here are ways to keep your development team from getting burned on GitHub.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Most security pros are concerned about human error exposing cloud data (Help Net Security, Aug 13 2020)
A number of organizations face shortcomings in monitoring and securing their cloud environments, according to a Tripwire survey of 310 security professionals. 76% of security professionals state they have difficulty maintaining security configurations in the cloud, and 37% said their risk management capabilities in the cloud are worse compared with other parts of their environment. 93% are concerned about human error accidentally exposing their cloud data.
Why a cloud-native platform is a requirement for modern cybersecurity (SC Media, Aug 14 2020)
If you ask a cybersecurity professional what they like about their job, odds are high that somewhere near the top of the list is: “Things are always changing.” It’s almost a cliché that cyberthreats are always evolving, but it remains true.
Updated cryptojacking worm steals AWS credentials (Help Net Security, Aug 18 2020)
A malicious cryptocurrency miner and DDoS worm that has been targeting Docker systems for months now also steals Amazon Web Services (AWS) credentials. What’s more, TeamTNT – the attackers wielding it – have also begun targeting Kubernetes clusters and Jenkins servers. (Image caption: TeamTNT’s “calling card” appears when the worm first runs on the target installation.) First spotted by MalwareHunterTeam and Trend Micro researchers in May 2020, the original worm would:
Scan for open Docker daemon ports (i.e., misconfigured Docker containers)
Create an Alpine Linux container to host the coinminer and DDoS bot
Search for and delete other coin miners and malware
Configure the firewall to allow ports that will be used by the other components, sinkhole other domain names, and exfiltrate sensitive information from the host machine
Download additional utilities, a log cleaner, and a tool that attackers may use to pivot to other devices in the network (via SSH)
Download and install the coinminer
Collect system information and send it to the C&C server
Companies Team Up to Offer Cloud Auditing Certificate (Infosecurity Magazine, Aug 17 2020)
Cloud Security Alliance and ISACA to bring Certificate of Cloud Auditing Knowledge to market
Quickly build STIG-compliant Amazon Machine Images using Amazon EC2 Image Builder (AWS Security Blog, Aug 12 2020)
“In this post, we discuss how to implement the operating system security requirements defined by the Defense Information Systems Agency (DISA) Security Technical Implementation Guides (STIGs).”