A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

GitHub Starts Scanning for Exposed Package Registry Credentials (SecurityWeek, Jun 10 2021)
GitHub this week announced that it has started scanning code hosted on its platform for package registry credentials, including RubyGems and PyPI secrets.

Cloud Security Alliance releases new security guidance for telehealth organizations (SC Media, Jun 11 2021)
Developed by the CSA’s Health Information Management Working Group, the Telehealth Risk Management publication offers best practices for the creation, storage, use, sharing, archiving, and potential destruction of data in three specific domains: governance, privacy, and security.

Google Workspace Gets Client-Side Encryption (SecurityWeek, Jun 15 2021)
Google this week announced the introduction of client-side encryption in Google Workspace, which is meant to provide users with control over the encryption keys used to keep their data safe.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Cloud computing costs skyrocketing as businesses support a remote workforce (Help Net Security, Jun 15 2021)
Anodot announced the results of a survey that reveals how organizations struggle to control skyrocketing cloud computing costs of the remote workforce, even as business moves to a hybrid model. In Q2 of 2021, more than 100 senior IT, finance, and operations leaders were surveyed on their experiences managing cloud costs during the pandemic and shortly thereafter as vaccinations became commonplace and more people returned to work.

Investing in the right future for the cloud (Help Net Security, Jun 14 2021)
In the last decade we have seen cloud technology evolve from a useful competitive business tool to one of the key foundations of the business world. Migrating assets, applications and infrastructure to the cloud is an underpinning objective for most digital transformation strategies, with the aim of creating a more agile and adaptable operation.

Understanding the cloud shared responsibility model (Help Net Security, Jun 16 2021)
Over the past year, we witnessed a transition to the cloud as companies had to quickly adjust to the almost instantaneous move to a remote work environment. But in many cases, they prioritized practicality over security to avoid business disruption, leaving many organizations vulnerable. A significant reason for these vulnerabilities is that many organizations rely on default security offerings from their cloud providers, which are often provided as do-it-yourself toolkits and guidelines…

Securing a new world of hybrid work: What to know and what to do (Cloud Security Alliance, Jun 16 2021)
Keeping devices healthy and managed: All devices that need access to corporate resources must be managed to seamlessly keep your device secure and protected from phishing and malicious websites.
Making security everyone’s job: We will offer new training, opportunities to provide feedback, and a new virtual security summit to ensure our employees are empowered and equipped to be more secure.
Securing home offices: We will continue to build and offer resources and guidelines for employees that will work remotely either part or full time.
Building for Zero Trust: We are asking our developers to build with a Zero Trust mentality.

Secure Access Trade-offs for DevSecOps Teams (Dark Reading, Jun 11 2021)
Thanks to recent advancements in access technologies, everyone can apply identity-based authentication and authorization and zero-trust principles for their computing resources.

GitHub Discloses Details of Easy-to-Exploit Linux Vulnerability (SecurityWeek, Jun 11 2021)
GitHub this week disclosed the details of an easy-to-exploit Linux vulnerability that can be leveraged to escalate privileges to root on the targeted system.

Researcher Earns $30,000 for Instagram Flaw Exposing Private Posts (SecurityWeek, Jun 15 2021)
A researcher says he has earned $30,000 through Facebook’s bug bounty program for reporting an Instagram vulnerability that exposed private posts.