A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

Defending software build pipelines from malicious attack (UK Gov NCSC, Feb 18 2021)
Compromise of your software build pipeline can have wide-reaching impact; here’s how to tackle the problem.

Half of Apps Contain at Least One Serious Exploitable Vulnerability (Infosecurity Magazine, Feb 18 2021)
Nearly 70% of apps in manufacturing have at least one serious vulnerability

The state of multicloud adoption, its drivers, and the technologies enabling it (Help Net Security, Feb 21 2021)
Turbonomic announced findings from the survey of over 800 global IT professionals that examines the current state of multicloud adoption, its drivers, and the technologies enabling it, including containers, public cloud, and edge computing.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~17,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


How to set up a recurring Security Hub summary email (AWS Security Blog, Feb 24 2021)
AWS Security Hub provides a comprehensive view of your security posture in Amazon Web Services (AWS) and helps you check your environment against security standards and best practices. In this post, we’ll show you how to set up weekly email notifications using Security Hub to provide account owners with a summary of the existing security…

Microsoft Azure Front Door Gets a Security Upgrade (Dark Reading, Feb 18 2021)
New SKUs in Standard and Premium preview beef up the security of the content delivery network platform.

Legal Firm Leaks 15,000 Cases Via the Cloud (Infosecurity Magazine, Feb 24 2021)
Misconfiguration of AWS S3 bucket to blame

How to continuously audit and limit security groups with AWS Firewall Manager (AWS Security Blog, Feb 18 2021)
At AWS re:Invent 2019 and in a subsequent blog post, Stephen Schmidt, Chief Information Security Officer for Amazon Web Services (AWS), laid out the top 10 security items that AWS customers should pay special attention to if they want to improve their security posture. High on the list is the need to manage your network…

Azure Firewall Premium now in preview (Microsoft Azure Blog, Feb 16 2021)
Announcing the preview release of Azure Firewall Premium. Azure Firewall Premium provides next-generation firewall capabilities that are required for highly sensitive and regulated environments.

Exploring DevOps adoption among database pros (Help Net Security, Feb 22 2021)
Redgate has released a report which shows some dramatic changes in IT as a direct result of the current pandemic. Nearly three quarters of organizations have now adopted DevOps in some form, cross-platform database use has risen markedly and, significantly, IT teams have remained remarkably productive despite working remotely.

Avoid source code leaks on third-party repositories (SC Media, Feb 18 2021)
Nissan North America reported a significant source code leak in January because of misconfigured Git servers. Today’s columnist, Landon Winkelvoss of Nisos, offers some advice on how security teams can safeguard source code.