A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

Hackers Used ‘Mind-Blowing’ Bug to Dodge macOS Safeguards (Wired, Apr 26 2021)
The vulnerability was patched Monday, but hackers had already used it to spread malware.

The next big thing in cloud computing? Shh… It’s confidential (Help Net Security, Apr 28 2021)
Over the last year, there’s been a great deal of talk about confidential computing—including secure enclaves or TEEs (Trusted Execution Environments). These are now available in servers built on chips from Amazon Nitro Enclaves, Intel SGX (Software Guard Extensions), and AMD SEV (Secure Encrypted Virtualization).

The confidential cloud employs these technologies to establish a secure and impenetrable cryptographic perimeter that seamlessly extends from a hardware root of trust to protect data in use, at rest, and in motion.

Is Low-Code Development a Security Risk? (DevOps, Apr 26 2021)
Compared to traditional development, low-code involves a variety of personas working together to build applications while dealing with automatically generated code, ready-made components and built-in default configurations. This shift in environment revealed some unique challenges that need to be addressed. There are a few common security challenges with remote teams building on low-code.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras


How Hackers Use Cloud Services to Make Cybercrime More Profitable (Infosecurity Magazine, Apr 27 2021)
Cloud services can optimize resources, save time, increase automation, and take some of the security responsibility off of an organization’s plate.

Is Your Cloud Raining Sensitive Data? (Dark Reading, Apr 28 2021)
Learn common Kubernetes vulnerabilities and ways to avoid them.

Managing and maturing Kubernetes security in the enterprise (Help Net Security, Apr 28 2021)
The TL;DR version of the Infoworld article went something like this: “Companies are shying away from managing their own Kubernetes clusters and more and more, turning to managed Kubernetes solutions” – and I was not surprised.

Cloud security tops among list of skills needed to pursue cyber career (SC Media, Apr 28 2021)
Problem solving and analytical thinking were among the most important soft skills named by cyber professionals.

Whitepaper available: Classic intrusion analysis frameworks for AWS environments (AWS Security Blog, Apr 21 2021)

DevSecOps Company Sysdig Raises $188 Million at $1.19 Billion Valuation (SecurityWeek, Apr 28 2021)
DevSecOps company Sysdig on Wednesday announced becoming a “unicorn” after raising $188 million in a Series F funding round at a valuation of $1.19 billion.

Hands-on walkthrough of the AWS Network Firewall flexible rules engine (AWS Security Blog, Apr 27 2021)
AWS Network Firewall is a managed service that makes it easy to provide fine-grained network protections for all of your Amazon Virtual Private Clouds (Amazon VPCs) to ensure that your traffic is inspected, monitored, and logged. The firewall scales automatically with your network traffic, and offers built-in redundancies designed to provide high availability.

Bugs Allowed Hackers to Dox All John Deere Owners (VICE, Apr 22 2021)
A security researcher found two bugs that allowed him to find all customers who had purchased John Deere tractors or equipment.

A Clubhouse bug let people lurk in rooms invisibly (Ars Technica, Apr 23 2021)
Moderators would be unable to mute “ghosts” hiding in and disrupting rooms.