A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

1/3 of businesses have cloud budget overruns of up to 40% (Help Net Security, Feb 02 2021)
More than one-third of businesses have cloud budget overruns of up to 40 percent, and one in 12 companies exceed this number, a Pepperdata survey of 750 senior enterprise IT professionals in industries ranging from finance to healthcare, automotive, advertising and other data-intensive businesses reveals.

Flaws in open source library used by DoD, IC for satellite imagery could lead to system takeovers (SC Media, Jan 29 2021)
Two vulnerabilities discovered could lead to remote code execution, while another could lead to denial of service attacks.

BeyondCorp Enterprise: True zero trust architecture for the multicloud (Google Cloud Blog, Feb 03 2021)
“We recognize the complexities that come with a zero trust journey and understand that most customers host resources across different cloud providers. With this in mind, BeyondCorp Enterprise was purpose-built as a multicloud solution, enabling customers to securely access resources hosted not only on Google Cloud or on-premises, but also across other clouds such as Azure and Amazon Web Services (AWS).”


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



Azure Functions vulnerability proves cloud users not always in control (SC Media, Jan 28 2021)
A newly discovered Azure Functions vulnerability lets an attacker escalate privileges and escape the Azure Functions Docker to the Docker host. After an internal assessment, Microsoft determined that the vulnerability has no security impact on Azure Functions users because the Docker host itself gets protected by a Microsoft Hyper-V boundary, according to researchers from Intezer…

The cloud divide: Risks and rewards for companies that moved pre-pandemic (SC Media, Feb 01 2021)
Cloud enabled a lot of organizations to shift fast, accommodating the new business requirements that emerged with the pandemic. But where did security fit into the equation? SC Media spoke to Vikram Kunchala of Deloitte to find out.

Container security is a priority, but whose responsibility is it? (Help Net Security, Feb 03 2021)
NeuVector released a survey that identifies current trends and challenges enterprises are grappling with as they increasingly turn to microservices architectures. Among respondents, 80% currently manage active container deployments and 87% are planning new container deployments over the next 6-12 months. Close to 90% of respondents utilize Kubernetes for container orchestration, and the majority name Jenkins their primary CI/CD pipeline automation tool (GitLab is second most-popular, with no…

AWS PrivateLink for Amazon S3 is Now Generally Available (AWS News Blog, Feb 02 2021)
“At AWS re:Invent, we pre-announced that AWS PrivateLink for Amazon S3 was coming soon, and soon has arrived — this new feature is now generally available. AWS PrivateLink provides private connectivity between Amazon Simple Storage Service (S3) and on-premises resources using private IPs from your virtual network.”

How consumers protect sensitive information when using FinTech apps (Help Net Security, Jan 31 2021)
42% of global consumers use a free FinTech app or platform. Of those, 50% do not know if the app they use sells their data. ESET has explored the topic of data security in the consumer segment of its global financial technology (FinTech) research, surveying 10,000 consumers across the UK, US, Australia, Japan and Brazil. Consumers were asked a series of questions on the topics of financial technology and cybersecurity.

As SolarWinds spooks tech firms into rechecking code, some won’t like what they find (SC Media, Jan 29 2021)
If more attacks are uncovered, end-user organizations must apply lessons learned from SolarWinds and take decisive action.

Flash is dead—but South Africa didn’t get the memo (Ars Technica, Feb 02 2021)
Adobe: You can’t use Flash in 2021. South Africa: Watch me!