Cloud Security, DevOps, AppSec – The Week’s Best News – 2021.01.06
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Hacker Earns $2m in Bug Bounties (Infosecurity Magazine, Dec 24 2020) Romanian man earns $2m through HackerOne and becomes richest bug bounty hunter in the world Amazon Has Trucks Filled with Hard Drives and an Armed Guard (Schneier on Security, Jan […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.12.23
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Cellebrite Can Break Signal (Schneier on Security, Dec 21 2020) “Cellebrite announced that it can break Signal. (Note that the company has heavily edited its blog post, but the original — with lots of technical details — was saved by the […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.12.16
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Dark Halo Leverages SolarWinds Compromise to Breach Organizations (Volexity, Dec 15 2020) Near the end of this incident, Volexity observed the threat actor using a novel technique to bypass Duo multi-factor authentication (MFA) to access the mailbox of a user via […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.12.09
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Open Source Does Not Equal Secure (Schneier on Security, Dec 03 2020) “Way back in 1999, I wrote about open-source software: First, simply publishing the code does not automatically mean that people will examine it for security flaws. Security researchers are […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.12.02
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Half of Docker Hub Images Feature Critical Flaws (Infosecurity Magazine, Dec 02 2020) New study of four million container images reveals major risks Tesla Hacked and Stolen Again Using Key Fob (Threatpost, Nov 30 2020) Belgian researchers demonstrate third attack on […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.11.25
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Zero Trust architectures: An AWS perspective (AWS Security Blog, Nov 23 2020) Our mission at Amazon Web Services (AWS) is to innovate on behalf of our customers so they have less and less work to do when building, deploying, and rapidly […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.11.18
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec AWS Network Firewall – New Managed Firewall Service in VPC (AWS News Blog, Nov 17 2020) “Today, I am happy to announce AWS Network Firewall, a high availability, managed network firewall service for your virtual private cloud (VPC). It enables you […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.11.11
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Google Discloses Details of GitHub Actions Vulnerability (SecurityWeek, Nov 04 2020) Details on a vulnerability impacting GitHub Actions were made public this week by Google, following a 104-day disclosure deadline. Bug Bounty Hunters’ Pro Tips on Chasing Vulns & Money (Dark […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.11.04
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec The 10 Best Practices in Cloud Data Security (Cloud Security Alliance, Nov 03 2020) Cloud security varies, and the best way to ensure everything is protected usually begins by understanding the combination of cloud location and cloud service your organization has. […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.10.28
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec 76% of applications have at least one security flaw (Help Net Security, Oct 28 2020) The majority of applications contain at least one security flaw and fixing those flaws typically takes months, a Veracode report reveals. This year’s analysis of 130,000 […]