A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

The Role of Visibility in Securing Cloud Applications (Dark Reading, Apr 01 2021)
Traditional data center approaches aren’t built for securing modern cloud applications.

58% of IT and security pros concerned about security in the cloud (Help Net Security, Apr 06 2021)
The Cloud Security Alliance and AlgoSec published a survey which queried nearly 1,900 IT and security professionals from a variety of organization sizes and locations, and sought to gain deeper insight into the complex cloud environment that continues to emerge and that has only grown more complex since the onset of the pandemic.

SAP applications are getting compromised by skilled attackers (Help Net Security, Apr 07 2021)
Newly provisioned, unprotected SAP applications in cloud environments are getting discovered and compromised in mere hours, Onapsis researchers have found, and vulnerabilities affecting them are being weaponized in less than 72 hours after SAP releases security patches. Internet-exposed systems are more likely to be exploited and compromised, but there are also threats out there that are equipped to compromise SAP systems from the inside, they noted.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

AWS Verified, episode 4: How Lockheed Martin embeds security (AWS Security Blog, Apr 05 2021)
Last year Amazon Web Services (AWS) launched a new video series, AWS Verified, where we talk to global cybersecurity leaders about important issues, such as how the pandemic is impacting cloud security, how to create a culture of security, and emerging security trends.

Bug allows attackers to hijack Windows time sync software used to track security incidents (SC Media, Apr 06 2021)
Any disruption to Greyware’s Domain Time II could make it virtually impossible to track a security incident – and any sequence of events that are important to the business or regulators.

Details Disclosed for GitHub Pages Flaws That Earned Researchers $35,000 (SecurityWeek, Apr 07 2021)
A researcher has disclosed the details of a series of vulnerabilities that could have been exploited by an attacker to access an organization’s private pages on GitHub.

Reduce Unwanted Traffic on Your Website with New AWS WAF Bot Control (AWS News Blog, Apr 01 2021)
According to research done by the AWS Shield Threat Research Team, up to 51% of traffic heading into typical web applications originates from scripts running on machines, also known as bots. A wide variety of bots – some wanted, some unwanted – are hitting your endpoints.

7 ways to improve security of your machine learning workflows (AWS Security Blog, Mar 31 2021)
In this post, you will learn how to use familiar security controls to build more secure machine learning (ML) workflows. The ideal audience for this post includes data scientists who want to learn basic ways to improve security of their ML workflows, as well as security engineers who want to address threats specific…