A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
AWS Acquires Encrypted Communications Service Wickr (SecurityWeek, Jun 25 2021)
Amazon’s AWS subsidiary on Friday announced the acquisition of Wickr, a late-stage startup that sells end-to-end encrypted communications tools.
Most Developers Never Update Third-Party Libraries in Their Software: Report (SecurityWeek, Jun 22 2021)
Most developers never update third-party libraries after including them in their software, a new report from application security company Veracode reveals.
Google Working on Patching GCP Vulnerability That Allows VM Takeover (SecurityWeek, Jun 30 2021)
A security researcher has disclosed the details of a vulnerability that can be exploited to take over virtual machines (VMs) on Google Cloud Platform.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Splunk expands into cloud security space with new platform (SC Media, Jun 24 2021)
Splunk, best known for its analytics software, delved deeper into the security realm this week when it released its new Splunk Security Cloud, a security operations platform that consists of security analytics, automated security operations, and integrated threat intelligence.
How to rethink risks with new cloud deployments (Help Net Security, Jun 21 2021)
These days, technology seems to evolve at the speed of light. Infrastructures change, attack surfaces reduce and multiply and, not surprisingly, your cloud environment advances. However, with new cloud deployment scenarios created to accelerate business operations, the risks also change.
Cloud security posture confidence is high, yet most IT pros have experienced a cloud-related breach (Help Net Security, Jun 17 2021)
OpsCompass announced the results of a report it conducted on cloud security posture and management challenges. The report is based on survey responses from 253 full-time, US-based, IT professionals who develop, and either deploy or manage enterprise cloud applications or infrastructure.
Cloud security skills in high demand (Help Net Security, Jun 22 2021)
Cloud security is critically important for organizations across the globe as adoption of cloud infrastructure continues to grow at a rapid clip. The shift toward the cloud is unstoppable, and inevitably, it’s driving soaring demand for skilled security professionals.
50% of misconfigured containers hit by botnets in under an hour (SC Media, Jun 21 2021)
Aqua Security reported that data it collected from honeypots protecting containers over a six-month period revealed that 50% of misconfigured Docker APIs are attacked by botnets within 56 minutes of being set up.
AWS BugBust Aims to Fix One Million Vulnerabilities Globally (Infosecurity Magazine, Jun 25 2021)
Cloud giant wants to save $100 million in technical debt
Cloud Database Exposes 800M+ WordPress Users’ Records (Infosecurity Magazine, Jun 25 2021)
Misconfiguration at hosting provider DreamHost led to the privacy breach
Major threats to cloud infrastructure security include a lack of visibility and inadequate IAM (Help Net Security, Jun 30 2021)
98% of companies had experienced at least one cloud data breach in the past 18 months compared to 79% last year, according to an IDC survey. Meanwhile, 67% reported three or more such breaches, and 63% said they had sensitive data exposed.
Security is the top priority for Amazon S3 (AWS Security Blog, Jun 23 2021)
Amazon Simple Storage Service (Amazon S3) launched 15 years ago in March 2006, and became the first generally available service from Amazon Web Services (AWS). AWS marked the fifteenth anniversary with AWS Pi Week—a week of in-depth streams and live events.
CloudHSM best practices to maximize performance and avoid common configuration pitfalls (AWS Security Blog, Jun 22 2021)
AWS CloudHSM provides fully-managed hardware security modules (HSMs) in the AWS Cloud. CloudHSM automates day-to-day HSM management tasks including backups, high availability, provisioning, and maintenance.
Three security and scalability improvements for Cloud SQL for SQL Server (Google Cloud Blog, Jun 29 2021)
As a product with a long history in the database ecosystem, SQL Server offers numerous native capabilities that help provide scalability and security to its users. However, it can be time consuming and complex to take advantage of these features.
Security Flaw Discovered In Peloton Equipment (Dark Reading, Jun 16 2021)
The vulnerability could give attackers remote root access to the bike’s tablet, researchers report.
Software delivery maturity generating business benefits (Help Net Security, Jun 17 2021)
Organizations with a high level of software delivery maturity are three times more likely to grow at 15 percent or more annually, according to Forrester Consulting. Conversely, those not modernizing their software delivery processes face increasing roadblocks that limit growth, slow DevOps transformations and expose security and risk vulnerabilities.
GitHub Paid Out Over $1.5 Million via Bug Bounty Program Since 2016 (SecurityWeek, Jun 28 2021)
Microsoft-owned software development solutions provider GitHub announced on Friday that it has paid out more than $1.5 million through its bug bounty program since 2016, when it started using the HackerOne bug bounty platform.
How to Make Sure Your Browser Extensions Are Safe (Wired, Jun 27 2021)
As useful as all those add-ons can be, don’t get complacent when it comes to making sure they’re also secure.