Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.08.28
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Cybersecurity Firm Imperva Discloses Breach (Krebs on Security, Aug 27 2019) “Imperva, a leading provider of Internet firewall services that help Web sites block malicious cyberattacks, alerted customers on Tuesday that a recent data breach exposed email addresses, scrambled passwords, API […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.08.21
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec How Facebook Catches Bugs in Its 100 Million Lines of Code (Wired, Aug 15 2019) For the past four years, Facebook has quietly used a homegrown tool called Zoncolan to find bugs in its massive codebase. AWS: No Significant Issues at […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.08.14
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Apple Offers Up to $1 Million in Public Bug Bounty Program (SecurityWeek, Aug 12 2019) Apple last week announced that it’s making some significant changes to its bug bounty program, making it public and expanding the list of covered products. The […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.08.07
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Bug Bounties- Deep Testing & Less for Traditional Flaws (Infosecurity Magazine, Aug 01 2019) Bugcrowd also said that the average payout for critical vulnerabilities reached $2,669.92, a 27% increase over the last year. However, it claims that “researchers are no longer […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.07.31
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Capital One Data Theft Impacts 106M People (Krebs on Security, Jul 30 2019) “The FBI says Capital One learned about the theft from a tip sent via email on July 17, which alerted the company that some of its leaked data […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.07.24
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Google increases bounties for Chrome, Google Play bugs (Help Net Security, Jul 22 2019) Bug hunters searching for security flaws in Google’s offerings are now vying for higher bounties. Microsoft has launched a new bug bounty program. Google’s changes Since 2010, […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.07.17
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Magecart compromised 17,000+ sites via unsecured S3 buckets (Help Net Security, Jul 11 2019) When they find one that is misconfigured to allow anyone to view and edit the files it contains, they search for JavaScript files, download them, add their […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.07.10
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Malicious Code Planted in ‘strong_password’ Ruby Gem (SecurityWeek, Jul 08 2019) A developer discovered that an update released for the ‘strong_password’ Ruby gem contained malicious code that allowed an attacker to remotely execute arbitrary code. Canonical GitHub Account Hijacked (SecurityWeek, Jul […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.07.03
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Top 10 Security Blog posts in 2019 so far (AWS Security Blog, Jul 01 2019) The top 10 posts from 2019 based on page views – How to automate SAML federation to multiple AWS accounts from Microsoft Azure Active Directory – […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.06.26
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec AWS CISO Talks Risk Reduction, Development, Recruitment (Dark Reading, Jun 25 2019) Steve Schmidt says limiting access to data has dramatically changed the security posture across Amazon Web Services. 1 in 10 open source components downloaded in 2018 had a known […]