A Review of the Best News of the Week on Cloud Security, DevOps, AppSec

New CISA & NSA Guidance Details Steps to Harden Kubernetes (SecurityWeek, Aug 04 2021)
New guidance from the United States Cybersecurity and Infrastructure Security Agency (CISA) and the National Security Agency (NSA) provides information on the steps that administrators can take to minimize risks associated with Kubernetes deployments.

Storing Encrypted Photos in Google’s Cloud (Schneier on Security, Jul 30 2021)
“Abstract: Cloud photo services are widely used for persistent, convenient, and often free photo storage, which is especially useful for mobile devices. As users store more and more photos in the cloud, significant privacy concerns arise because even a single compromise of a user’s credentials gives attackers unfettered access to all of the user’s photos.”

Software downloaded 30,000 times from PyPI ransacked developers’ machines (Ars Technica, Jul 30 2021)
Expect to see more of these “Frankenstein” malware packages, researchers warn.


Filter Out the Noise
Since I started this curated security news in June 2017, I’ve clipped ~20,000 articles and narrowed them down into the best 20 per day & best 15 per week. This is my favorite way to cut through all the security marketing and hype. If you’re enjoying it, tell a friend. If you hate it, tell an enemy.
Thanks! – Lucas Samaras



AWS S3 can be a security risk for your business (Help Net Security, Aug 04 2021)
Along with the shift to the cloud and emergence of modern digital services and applications, new security concerns have emerged for organizations. More connectivity means more risk, and the greater the risk, the more protection is needed. As the use of AWS’ Amazon Simple Storage Service (S3) has increased, so have the content types that are stored and shared on it.

What is DataSecOps and why it matters (Help Net Security, Aug 04 2021)
In this Help Net Security podcast, Ben Herzberg, Chief Scientist at Satori, explains what DataSecOps is, and illustrates its significance. Here’s a transcript of the podcast for your convenience. Hi, I’m Ben Herzberg, Chief Scientist at Satori. In case you don’t know Satori, what we do at Satori is streamline data access and security with DataSecOps. We’re simplifying and securing data access to data stores, such as Snowflake, Redshift, PostgreSQL, and others.

73% of healthcare organizations have now adopted DevOps (Help Net Security, Aug 04 2021)
The last year was challenging for every business sector, and none more than healthcare, which was under enormous pressure to provide care while changing the way many services are delivered. According to data from a Redgate Software report, the importance of IT in enabling and facilitating that change has been key to success for the healthcare sector, with DevOps adoption, cloud use and cross-platform database development all increasing markedly.

Competition main force behind increased cloud migration (Help Net Security, Jul 29 2021)
Organizations are moving to the cloud in big numbers to drive competitive strategies and provide richer customer experiences, according to Next Pathway. This is a shift from earlier adopters that looked to the cloud primarily for operation efficiencies.

Google Patches Several Chrome Flaws That Can Be Exploited via Malicious Extensions (SecurityWeek, Aug 04 2021)
A Chrome 92 update released this week by Google patches 10 vulnerabilities, including several high-severity flaws that earned researchers tens of thousands of dollars in bug bounties.