Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.07.04
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Google introduces Endpoint Verification (Google Cloud Platform Blog, Jul 03 2018) “Having that inventory of what computers employees are using provides valuable information which the enterprise can use to maintain security. Available to all Google Cloud Platform (GCP), Cloud Identity, G […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.06.27
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Underground vendors reliably obtain code signing certs (Help Net Security, Jun 26 2018) More and more malware authors are switching to buying new, valid code signing certificates issued by Certificate Authorities instead of using stolen (compromised) ones, researchers have found. Does […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.06.20
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Malicious Docker Containers Earn Cryptomining Criminals $90K (Threatpost, Jun 14 2018) Researchers said over a dozen malicious docker images available on Docker Hub allowed hackers to earn $90,000 in cryptojacking profits. DevSecOps: Secrets in the Cloud (DZone, Jun 17 2018) Akash […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.06.13
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Splunk acquires VictorOps in $120 million deal (SC Magazine, Jun 11 2018) Splunk has acquired the devops incident management firm VictorOps for $120 million in cash and Splunk securities. Fooling security tools into believing malicious code was signed by Apple (Help […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.06.06
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec 10 Years of Cloud Security (Gartner Blog Network, Jun 01 2018) “Our 2008 research highlighted 4 key findings that have remained significant considerations for the use of public cloud computing…” Simplify Login with Application Load Balancer Built-in Authentication (AWS News Blog, […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.05.30
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec DevSecOps – A New Chance for Security (DZone, May 30 2018) There is a bit of a problem here. Most security professionals don’t code. Likewise, the majority of software developers know very little about security. How do we most effectively bring […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.05.23
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Chrome drops ‘secure’ label for HTTPS websites (Naked Security – Sophos, May 21 2018) When it comes to browser security, how important are the address bar icons and labels that tell users about a site’s security status? For Google at least, […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.05.16
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec The AWS Shared Responsibility Model and GDPR (AWS Security Blog, May 15 2018) How does the AWS Shared Responsibility Model change under GDPR? The short answer – it doesn’t. AWS is responsible for securing the underlying infrastructure that supports the cloud […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.05.09
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec All these vulnerabilities, rarely matter. (Jeremiah Grossman, May 07 2018) There is a serious misalignment of interests between Application Security vulnerability assessment vendors and their customers. Vendors are incentivized to report everything they possible can, even issues that rarely matter. On […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.05.02
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec How to Monitor/Respond Amazon S3 Buckets with Public Access (AWS Security Blog, May 01 2018) How to use AWS Config to monitor our Amazon Simple Storage Service (S3) bucket ACLs and policies for violations which allow public read or public write […]