Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.06.19
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Netflix patches Linux SACK vulnerability (SC Magazine, Jun 18 2019) Netflix researchers uncovered several security vulnerabilities, within the TCP implementations on Linux and FreeBSD kernels. The most severe of the flaws is the SACK Panic vulnerability, which could allow an attacker […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.06.12
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec FBI: Don’t Trust HTTPS or Padlock on Websites (Infosecurity Magazine, Jun 12 2019) Feds warn that hackers are increasingly using certs to ‘secure’ their phishing sites Cross-Site Scripting Errors Continue to Be Most Common Web App Flaw (Dark Reading, Jun 11 […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.06.05
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Chrome extension devs must drop deceptive install tactics (Help Net Security, May 31 2019) After announcing its intention to limit third-party developers’ access to Chrome’s webRequest API, which is used by many ad-blocking extensions to filter out content, Google has followed […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.05.29
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec First American Financial Leaked Hundreds of Millions Records (KrebsonSecurity, May 24 2019) “The Web site for Fortune 500 real estate title insurance giant First American Financial Corp. [NYSE:FAF] leaked hundreds of millions of documents related to mortgage deals going back to […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.05.22
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Google Has Stored Some Passwords in Plaintext Since 2005 (Wired, May 21 2019) On the heels of embarrassing disclosures from Facebook and Twitter, Google reveals its own password bugs—one of which lasted 14 years. Fifth of Docker Containers Have No Root […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.05.15
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Signing into Azure DevOps using your GitHub credentials (Azure DevOps Blog, May 08 2019) “Today, we are enabling developers to sign in with their existing GitHub account to Microsoft online services, on any Microsoft log in page. Using your GitHub credentials, […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.05.08
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Principles and best practices for data governance in the cloud (Google, May 02 2019) Every enterprise should think about the entire data governance lifecycle, including data intake and ingestion, cataloging, persistence, retention, storage management, sharing, archiving, backup, recovery, disposition, and removal […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.05.01
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Attackers breached Docker Hub, grabbed keys and tokens (Help Net Security, Apr 29 2019) Docker, the company behing the popular virtualization tool bearing the same name, has announced late on Friday that it has suffered a security breach. There was no […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.04.24
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Supply Chain Hackers Snuck Malware Into Videogames (Wired, Apr 23 2019) …evidence that the same hackers who targeted Asus with that sort of supply chain hack earlier this year have also targeted three different videogame developers—this time aiming even higher upstream, […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2019.04.17
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec 122+ announcements from Google Cloud Next ‘19 (Google Cloud Blog, Apr 12 2019) “It was a lot to digest, but we’ve boiled it down here into all the announcements from the week across infrastructure, application development, data management, smart analytics and […]