A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

Zerodium Offering $300,000 for WordPress Exploits (SecurityWeek, Apr 12 2021)
Exploit acquisition company Zerodium announced last week that it’s temporarily offering $300,000 for high-impact WordPress exploits.

Reddit takes bug bounty program public (SC Media, Apr 14 2021)
Reddit announced Wednesday that it is taking its bug bounty program public. The popular social news site and community forum platform has run a private program with HackerOne for the past three years, but hopes that by going public, it can more quickly address vulnerabilities, improve its defenses and keep the platform secure. “We’ve seen…

$200,000 Awarded for Zero-Click Zoom Exploit at Pwn2Own (SecurityWeek, Apr 08 2021)
Two researchers earned $200,000 on the second day of the Pwn2Own 2021 hacking competition for a Zoom exploit allowing remote code execution without user interaction.

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Share today’s post on Twitter Facebook LinkedIn

Optimizing cloud governance on AWS: Integrating the NIST Cybersecurity Framework, AWS Cloud Adoption Framework, and AWS Well-Architected (AWS Security Blog, Apr 12 2021)
Your approach to security governance, risk management, and compliance can be an enabler to digital transformation and business agility. As more organizations progress in their digital transformation journey—empowered by cloud computing—security organizations and processes cannot simply participate, they must lead in that transformation

Making access to SaaS applications more secure with BeyondCorp Enterprise (Google Cloud Blog, Apr 08 2021)
An explosion of SaaS applications over the last decade has fundamentally changed the security landscape of modern enterprises. According to the Cloud Security Threat Report1, the average organization uses hundreds, possibly upwards of 1,000 of SaaS applications, many of these unsanctioned by IT departments, and this number is only forecasted to increase.

PoC Exploit Released for Unpatched Flaw Affecting Chromium-Based Browsers (SecurityWeek, Apr 13 2021)
A researcher has made public a proof-of-concept (PoC) exploit for a recently discovered vulnerability affecting Chrome, Edge and other Chromium-based web browsers.