A Review of the Best News of the Week on Cloud Security, DevOps, AppSec
Advancing resiliency threat modeling for large distributed systems (Azure Blog, Jul 07 2021)
All service engineering teams in Azure are already familiar with postmortems as a tool for better understanding what went wrong, how it went wrong, and the customer impact of the related outage. For today’s post in our Advancing Reliability blog series, we share insights into our journey as we work towards advancing our postmortem and resiliency threat modeling processes.
Microsoft Paid Out $13.6 Million in Bug Bounties in Past Year (SecurityWeek, Jul 09 2021)
“Microsoft this week revealed that it paid out more than $13.6 million in bug bounties between July 1, 2020, and June 30, 2021.
As part of the company’s 17 bug bounty and grant programs, participating security researchers can earn awards as high as $250,000 — the highest rewards are for critical vulnerabilities in Hyper-V.”
Firefox 90 Adds Cross-Origin Protections, Advanced Tracker Blocker (SecurityWeek, Jul 13 2021)
Mozilla this week pushed Firefox 90 to the stable channel with several security improvements, including better protections against cross-origin threats and an advanced tracker blocking mechanism.
Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~19,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras
Google Cloud Government Security Summit – Join us for ‘can’t miss’ content and solutions for your toughest cybersecurity challenges (Google Cloud Blog, Jul 14 2021)
The Google Cloud Government Security Summit is one week away, and we’re pleased to announce our full program line up, packed with content and insights from some of the world’s leading cybersecurity thought leaders, including…
Ensuring HIPAA compliance when using the cloud (Help Net Security, Jul 14 2021)
Accelerated by the pandemic, health IT has continued to innovate at pace, while having to balance data protection and regulatory rules. However, critical transformations – like transitioning to the cloud – are a tougher challenge for this industry than for others. In fact, just 34% of life science companies have achieved cloud outcomes.
AWS offers free online training for cloud architects (SC Media, Jul 14 2021)
Amazon Web Services this week launched a new free online training series on Twitch that aims to build up the skills of cloud developers. The new series, the AWS Power Hour: Architecting, kicked off on Monday, July 12 and will run for six weeks. According to an AWS blog, the developer training is part of…
Easily Manage Security Group Rules with the New Security Group Rule ID (AWS News Blog, Jul 07 2021)
At AWS, we tirelessly innovate to allow you to focus on your business, not its underlying IT infrastructure. Sometimes we launch a new service or a major capability. Sometimes we focus on details that make your professional life easier.
How to create auto-suppression rules in AWS Security Hub (AWS Security Blog, Jul 12 2021)
AWS Security Hub gives you a comprehensive view of your security alerts and security posture across your AWS accounts. With Security Hub, you have a single place that aggregates, organizes, and prioritizes your security alerts, or findings, from multiple AWS services.
Automatically update AWS WAF IP sets with AWS IP ranges (AWS Security Blog, Jul 08 2021)
This blog post describes how to automatically update AWS WAF IP sets with the most recent AWS IP ranges for AWS services. This related blog post describes how to perform a similar update for Amazon CloudFront IP ranges that are used in VPC Security Groups.
Multi-Cloud Environments More Risky (Infosecurity Magazine, Jul 08 2021)
Security professionals say multi-cloud environments pose greater security challenges
Mitsubishi Electric Patches Vulnerabilities in Air Conditioning Systems (SecurityWeek, Jul 12 2021)
Mitsubishi Electric recently patched critical and high-severity vulnerabilities affecting many of its air conditioning products, mainly centralized controllers.
Gmail increases email security by adding support for BIMI (Help Net Security, Jul 13 2021)
Organizations who deploy Domain-based Message Authentication, Reporting, and Conformance (DMARC) will, from now on, be able to increase Gmail recipients’ trust in the emails, newsletters, receipts and offers they send by automatically displaying the company’s logo.
Google Cloud Certificate Authority Service Becomes Generally Available (SecurityWeek, Jul 13 2021)
Google Cloud on Monday announced that its Certificate Authority Service is now generally available.