A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

New Malware Hidden in Apple IDE Targets macOS Developers (Dark Reading:, Mar 19 2021)
XcodeSpy is latest example of growing attacks on software supply chain.

Researchers Discover Two Dozen Malicious Chrome Extensions (Dark Reading:, Mar 22 2021)
Extensions are being used to serve up unwanted adds, steal data, and divert users to malicious sites, Cato Networks says.

Facebook Paid Out $50K for Vulnerabilities Allowing Access to Internal Systems (SecurityWeek, Mar 19 2021)
A researcher says he has earned more than $50,000 from Facebook after discovering vulnerabilities that could have been exploited to gain access to some of the social media giant’s internal systems.

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Hobby Lobby Exposed 138GB of Data (VICE US – Motherboard, Mar 22 2021)
The cache included customer names, phone numbers, addresses, and the last four digits of their payment card.

Cloud Security Company Orca Raises $210 Million at $1.2 Billion Valuation (SecurityWeek, Mar 23 2021)
Cloud security firm Orca has achieved “unicorn” status after raising $210 million in a Series C funding round that values the company at $1.2 billion.

Prioritizing Application & API Security After the COVID Cloud Rush (Dark Reading:, Mar 24 2021)
As companies hit the gas to accommodate the rapid shift to work-from-home, security fell behind. Now, it’s time to close those gaps.

Common security practices don’t fully protect today’s enterprise SaaS platforms (SC Media, Mar 24 2021)
Today’s columnist, Brendan O’Connor of AppOmni, offers four tips for securing SaaS applications.

Incident Response and Knowing When to Automate (Cloud Security Alliance, Mar 24 2021)
An efficient incident response process will keep people in the loop without giving them all the keys to the machines. Instead, the goal is to free-up the security analyst’s time to focus on higher value work that requires critical thinking.

TikTok Pays Out $11,000 Bounty for High-Impact Exploit (SecurityWeek, Mar 22 2021)
A researcher has earned over $11,000 from TikTok after disclosing a series of vulnerabilities that could have been chained for a high-impact 1-click exploit.