A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

Google Cloud Unveils New SOC, IDS Solutions (SecurityWeek, Jul 22 2021)
Google Cloud this week announced new security offerings for its customers, including Autonomic Security Operations to improve security operations centers (SOCs) and Cloud Intrusion Detection System (IDS) for network-based threat detection.

What We Learn from MITRE’s Most Dangerous Software Weaknesses List (SecurityWeek, Jul 26 2021)
A look into MITRE’s 2021 CWE Top 25 Most Dangerous Software Weaknesses

The three most important AWS WAF rate-based rules (AWS Security Blog, Jul 22 2021)
In this post, we explain what the three most important AWS WAF rate-based rules are for proactively protecting your web applications against common HTTP flood events, and how to implement these rules. We share what the Shield Response Team (SRT) has learned from helping customers respond to HTTP floods and show how all AWS WAF…

Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~20,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras

Data protection in transit, in storage, and in use (Google Cloud Blog, Jul 28 2021)
In our first episode of the Cloud Security Podcast, we had the pleasure to talk to Nelly Porter, Group Product Manager for the Cloud Security team.
In this interview Anton, Tim, and Nelly examine a critical question about data security: how can we process extremely sensitive data in the cloud while also keeping it protected against insider access? Turns out it’s easier than it sounds on Google Cloud.

Microsoft Acquires Cloud Security Start-up CloudKnox (SecurityWeek, Jul 21 2021)
After years of mostly sitting on the sidelines, Microsoft is starting to be aggressive with cybersecurity acquisitions.

Government IT decision makers worried about security risks related to cloud migration (Help Net Security, Jul 23 2021)
Nearly 70% of U.S. government IT decision makers surveyed view security risks as the top barrier when migrating to modern cloud platforms, a Morning Consult survey reveals. Of those surveyed, security also now outweighs reducing costs by almost double as the reason to modernize IT infrastructures.

Exposing the latest cloud threats affecting enterprises (Help Net Security, Jul 28 2021)
Netskope revealed new research showing the continued growth of malware delivered by cloud applications and also the potential for critical data exfiltration tied to employees departing their jobs, among a range of increasing cloud application security risks.

Strengthen the security of sensitive data stored in Amazon S3 by using additional AWS services (AWS Security Blog, Jul 26 2021)
In this post, we describe the AWS services that you can use to both detect and protect your data stored in Amazon Simple Storage Service (Amazon S3). When you analyze security in depth for your Amazon S3 storage, consider doing the following: Audit and restrict Amazon S3 access with AWS Identity and Access Management (IAM) …

Who is responsible for improving security in the software development environment? (Help Net Security, Jul 22 2021)
Venafi announced the findings of a global survey that evaluates the impact of software supply chain attacks like SolarWinds/SUNBURST, CodeCov and Kaseya/REvil on how development organizations are changing their approach to securing software build and delivery environments. The survey evaluated the opinions of over 1,000 information security professionals, developers and executives in the IT and software development industries.

Google pushed a one-character typo to production, bricking Chrome OS devices (Ars Technica, Jul 22 2021)
Google broke a conditional statement that verifies passwords. A fix is rolling out.

Never mind the trolls, Discord hosts ‘significant volumes of malware’ in its CDN (The Register, Jul 26 2021)
Biz insists it’s trying as hard as possible to scrub clean its IRC-for-the-2020s

GitLab Releases Open Source Tool for Hunting Malicious Code in Dependencies (SecurityWeek, Jul 26 2021)
GitLab last week announced the release of a new open source tool designed to help software developers identify malicious code in their projects’ dependencies.

Google Paid Over $29 Million in Bug Bounty Rewards in 10 Years (SecurityWeek, Jul 27 2021)
Google says it has paid more than $29 million in rewards for pre-patch vulnerability data over the past 10 years.