A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
Dark Halo Leverages SolarWinds Compromise to Breach Organizations (Volexity, Dec 15 2020)
Near the end of this incident, Volexity observed the threat actor using a novel technique to bypass Duo multi-factor authentication (MFA) to access the mailbox of a user via the organization’s Outlook Web App (OWA) service.
Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise
Multiple Global Victims With SUNBURST Backdoor (FireEye, Dec 15 2020)
We have discovered a global intrusion campaign, and we are tracking the actors behind this campaign as UNC2452.
Google Shares Cloud Security Tips (Dark Reading, Dec 10 2020)
Anton Chuvakin, head of solution strategy at Google Cloud Security, discusses common cloud security hurdles and how to get over them.
Filter Out the Noise
Since I started this curated newsletter in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Accelerated cloud migration may leave business data insecure (Help Net Security, Dec 16 2020)
The pandemic has accelerated digital transformation for 88% of global organizations. However, this increase in cloud adoption may leave business data insecure, Trend Micro reveals. Accelerated cloud migration “It’s a very positive sign that a majority of organizations around the world are embracing digital transformation and adopting the cloud,” said Mark Nunnikhoven, VP of cloud research for Trend Micro.
Use Macie to discover sensitive data as part of automated data pipelines (AWS Security Blog, Dec 09 2020)
Data is a crucial part of every business and is used for strategic decision making at all levels of an organization. To extract value from their data more quickly, Amazon Web Services (AWS) customers are building automated data pipelines—from data ingestion to transformation and analytics.
Better together: Expanding the Confidential Computing ecosystem (Google Cloud Blog, Dec 16 2020)
“Today, we are happy to announce that we have completed the rollout of Confidential VMs to general availability in nine regions. Our partners have played a huge part in this journey.”
Create a secure and code-free data pipeline in minutes using Cloud Data Fusion (Google Cloud Blog, Dec 16 2020)
Organizations are increasingly investing in modern cloud warehouses and data lake solutions to augment analytics environments and improve business decisions. The business value of such repositories increases as additional data is added. And with today’s connected world and many companies adopting a multi-cloud strategy, it is very common to see a scenario where the source data is stored in a cloud provider different from where the final data lake or warehouse is deployed.
What is zero trust identity security? (Google Cloud Blog, Dec 10 2020)
A zero trust network is one in which no person, device, or network enjoys inherent trust. All trust, which allows access to information, must be earned, and the first step of that is demonstrating valid identity. A system needs to know who you are, confidently, before it can determine what you should have access to. Add to that the understanding of what you can access–authorization–and you’ve got the core foundation of zero trust security.
How to develop secure and scalable serverless APIs (Cloud Blog, Dec 10 2020)
Among Google Cloud customers, we see a surge in interest in developing apps on so-called serverless platforms that let you develop scalable, request- or event-driven applications without having to set up your own dedicated infrastructure. A serverless architecture can considerably improve the way you build applications and services, in turn accelerating innovation and increasing agility.
Microsoft introduces steps to improve internet routing security (Microsoft Azure Blog, Dec 09 2020)
The internet runs on the Border Gateway Protocol (BGP). A network or autonomous system (AS) is bound to trust, accept, and propagate the routes advertised by its peers without questioning its provenance.
How to make DevSecOps stick with developers (Help Net Security, Dec 14 2020)
While DevOps culture has brought innovation to the industry and transformed the way software is developed, it’s arguably an outdated concept. The truth is that DevOps has allowed for new features and applications to be rolled out at such speed that traditional security practices simply aren’t able to keep up. The other problem is that the security testing that does occur (e.g., penetration testing and code reviews), usually takes place towards the end of the … More →
The post How to make DevSec
Begin Your DevSecOps Journey on Learn Chef (Chef Blog, Dec 15 2020)
For some time now, Learn Chef has been the destination of choice for IT ops practitioners to learn how to expand their DevOps skill sets. Whether it be learning about securing your infrastructure, managing a fleet of IT resources, or consistently delivering applications, Learn Chef has you covered.
GitHub rolls out dependency review, vulnerability alerts for pull requests (ZDNet, Dec 14 2020)
The aim is to prevent vulnerable code from being added to dependencies by accident.
Spotify Resets Passwords After Leaking User Data to Partners (Infosecurity Magazine, Dec 15 2020)
Breach went undetected for seven months