A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

5 Hackers Found 55 Bugs in Apple Products in 3 Months and Made $51,500 (VICE, Oct 08 2020)
Apple rewarded the researchers for finding some very serious bugs in the company’s websites. But for some, the researchers should have been paid more.

One of the worst of all the bugs they found would have allowed criminals to create a worm that would automatically steal all the photos, videos, and documents from someone’s iCloud account and then do the same to the victim’s contacts.

Facebook starts ‘Hacker Plus’ loyalty program for bug bounties (SC Media, Oct 09 2020)
Facebook today launched Hacker Plus – a loyalty program that aims to offer incentives to security researchers with additional rewards and benefits. In a post by Dan Gurfinkel, a security engineering manager at Facebook, the company said security researchers will be eligible for additional bonuses on bounty awards, access to more soon-to-be-released products and features…

GitHub envisions a world with fewer software vulnerabilities (Help Net Security, Oct 13 2020)
The Code Scanning feature is powered by CodeQL, a powerful static analysis engine built by Semmle, which was acquired by GitHub in September 2019.

The engine can analyze code written in C, C++, C#, Java, JavaScript, TypeScript, Python and Go, but since the Code Scanning feature is built on the open SARIF standard, it can also work with third-party analysis engines available from the GitHub Marketplace.


Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Major gaps in virtual appliance security plague organizations (Help Net Security, Oct 14 2020)
As evolution to the cloud is accelerated by digital transformation across industries, virtual appliance security has fallen behind, Orca Security reveals. The report illuminated major gaps in virtual appliance security, finding many are being distributed with known, exploitable and fixable vulnerabilities and on outdated or unsupported operating systems.

IBM expands the role of its hybrid-cloud security package (Network World Security, Oct 14 2020)
IBM adds data, threat intelligence and security service to Cloud Pak for Security system.

How to foster a secure and compliant DevOps culture (SC Media, Oct 12 2020)
It’s challenging to talk about DevOps and compliance together. Most people think of DevOps as a philosophical approach to software development that empowers developers, speeds time-to-market and reduces cost—without sacrificing quality. DevOps supports new approaches, while encouraging individual experimentation and decision-making.

DevSecOps Company apiiro Emerges From Stealth With $35 Million in Funding (SecurityWeek, Oct 13 2020)
Founded in 2019, the Israeli startup aims to help organizations accelerate application and infrastructure delivery through automating risk assessment and applying a ‘developers-first’ approach. The company aims to integrate security into design and development, to “reinvent secure development lifecycle.”

Undocumented backdoor that covertly takes snapshots found in kids’ smartwatch (Ars Technica, Oct 12 2020)
The X4, made and jointly developed in China, raises concerns.