A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

85% of COVID-19 tracking apps leak data (Help Net Security, Sep 29 2020)
71% of healthcare and medical apps have at least one serious vulnerability that could lead to a breach of medical data, according to Intertrust. The report investigated 100 publicly available global mobile healthcare apps across a range of categories—including telehealth, medical device, health commerce, and COVID-tracking—to uncover the most critical mHealth app threats. Cryptographic issues pose one of the most pervasive and serious threats, with 91% of the apps in the study failing one or …

Security-at-scale: 10 new security and management controls (Google Cloud Blog, Sep 29 2020)
With so many people working remotely, it’s imperative that the tools we use to stay productive are secure. Already this year we have worked to strengthen security for our customers and help make threat defense more effective. 

Microsoft boots apps out of Azure used by China-sponsored hackers (Ars Technica, Sep 25 2020)
Active Directory apps used for command-and-control infrastructure are no more.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~16,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


Google Cloud Debuts Threat-Detection Service (Dark Reading, Sep 23 2020)
Lockdown economics are driving a threat-intelligence business boom. Chronicle Detect is Google’s answer to monitoring so much log data created by the distributed workforce.

5 tips for better Google Drive security (WeLiveSecurity, Sep 26 2020)
As cloud storage solutions are becoming more and more popular, we look at several simple steps you can take to secure your files on Google Drive.

The Shared Irresponsibility Model in the Cloud Is Putting You at Risk (Dark Reading, Sep 29 2020)
Step up, put the architecture and organization in place, and take responsibility. If you don’t, who will?

9 Tips to Prepare for the Future of Cloud & Network Security (Dark Reading, Sep 28 2020)
Cloud and network security analysts outline trends and priorities businesses should keep top of mind as they grow more reliant on cloud.

Research: Cloud Skills and Solutions Are in Short Supply (Infosecurity Magazine, Sep 29 2020)
Businesses forced to rely on different teams with distinct skill sets to manage public and private cloud infrastructure.

VMware Unveils New Cloud Workload Security Solution (SecurityWeek, Sep 29 2020)
VMware on Tuesday announced Carbon Black Cloud Workload, a new security solution designed to help organizations protect workloads running in private, virtualized and hybrid cloud environments.

Getting Over the Security-to-Business Communication Gap in DevSecOps (Dark Reading, Sep 25 2020)
Application security in a DevOps world takes more than great teamwork among security, developers, and operations staff.

Shifting Left of Left: Why Secure Code Isn’t Always Quality Code (Dark Reading, Sep 29 2020)
Enabling engineers to share responsibility for security and empowering them to erase common vulnerabilities are good starting points.

RASP 101: Staying Safe With Runtime Application Self-Protection (Dark Reading, Sep 25 2020)
The dream of RASP is to empower applications to protect themselves. How close do current implementations get to living the dream? Here’s what to know.

Critical Instagram Flaw Could Let Attackers Spy on Victims (Dark Reading, Sep 24 2020)
A now-patched remote code execution vulnerability could be exploited with a specially sized image file, researchers report.

Twitter bug may have exposed API keys, access tokens (SC Media, Sep 25 2020)
Twitter warned developers that a bug could have exposed their API keys and access tokens in their browser’s cache. The social media platform told developers it doesn’t believe the apps and tokens have been compromised and that the problem had been fixed. “Prior to the fix, if you used a public or shared computer to…

Twitter Says Bug Leading to API Key Leak Patched (SecurityWeek, Sep 28 2020)
Twitter last week started sending emails to developers to inform them of a vulnerability that might have resulted in the disclosure of developer information, including API keys.

Securing Slack: 5 Tips for Safer Messaging, Collaboration (Dark Reading, Sep 29 2020)
Remote workers and scattered teams are relying on Slack more and more for messaging and collaboration. Here are a few extra tips for keeping data and systems more secure when using Slack.