Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.04.25
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec SecMon State of the Union: Revisiting the Team of Rivals (Securosis Blog, Apr 24 2018) In this post (and the rest of the series) Securosis discusses the degree each tool matches up to the emerging use cases, and how technologies such […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.04.18
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec #RSAC: It’s Time to Kill the Pen Test (Infosecurity Magazine, Apr 17 2018) There’s also the issue of pen tests being “a very slow and expensive way to work your way through just a few of the CIS Top 20” whilst […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.04.11
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Misconfigured Clouds Compromise 424% More Records in 2017 (Dark Reading, Apr 04 2018) Cybercriminals are increasingly aware of misconfigured systems and they’re taking advantage, report IBM X-Force researchers. Web Application Firewalls: The Definitive Primer (Imperva, Mar 27 2018) Imperva commissioned a […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.04.04
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Panerabread.com Leaks Millions of Customer Records (Krebs on Security, Apr 02 2018) Panerabread.com, the Web site for the American chain of bakery-cafe fast casual restaurants by the same name, leaked millions of customer records — including names, email and physical addresses, […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.03.28
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec GitHub Security Alerts Lead to Fewer Vulnerable Code Libraries (SecurityWeek, Mar 22 2018) GitHub says the introduction of security alerts last year has led to a significantly smaller number of vulnerable code libraries on the platform. Patches for Meltdown and Spectre […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.03.21
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec 880,000 payment cards, user info hit in Orbitz data breach (Help Net Security, Mar 21 2018) Expedia subsidiary Orbitz has revealed that a legacy Orbitz travel booking platform had been compromised and personal user information and payment card data might have […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.03.14
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Distrust of the Symantec PKI: Immediate action needed by webmasters (Google, Mar 14 2018) This post outlines how site operators can determine if they’re affected by this deprecation, and if so, what needs to be done and by when. Failure to […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.03.07
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec How to Use Bucket Policies to Secure Your Amazon S3 Data (AWS Security Blog, Mar 07 2018) Because the service is flexible, a user could accidentally configure buckets in a manner that is not secure. 1 in 50 publicly readable Amazon […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.02.28
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec How Developers got Password Security so Wrong (Cloudflare Blog, Feb 21 2018) Unfortunately; salting is no longer enough, passwords can be cracked quicker and quicker using modern GPUs (specialised at doing the same task over and over). When a site suffers […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2018.02.21
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Lessons from the Cryptojacking Attack at Tesla (RedLock Blog, Feb 21 2018) The hackers had infiltrated Tesla’s Kubernetes console which was not password protected. Within one Kubernetes pod, access credentials were exposed to Tesla’s AWS environment which contained an Amazon S3 […]