Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.10.21
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Twitter-Owned SDK Leaking Location Data of Millions of Users (VICE, Oct 21 2020) Researchers found several apps using an outdated version of an SDK made by Twitter-owned MoPub. Serious Vulnerability in GitHub Enterprise Earns Researcher $20,000 (SecurityWeek, Oct 20 2020) A […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.10.14
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec 5 Hackers Found 55 Bugs in Apple Products in 3 Months and Made $51,500 (VICE, Oct 08 2020) Apple rewarded the researchers for finding some very serious bugs in the company’s websites. But for some, the researchers should have been paid […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.10.07
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec GitHub Tool Spots Security Vulnerabilities in Code (Dark Reading, Sep 30 2020) Scanner, which just became generally available, lets developers spot problems before code gets into production. New Research Finds Bugs in Every Anti-Malware Product Tested (Dark Reading, Oct 06 2020) […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.09.30
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec 85% of COVID-19 tracking apps leak data (Help Net Security, Sep 29 2020) 71% of healthcare and medical apps have at least one serious vulnerability that could lead to a breach of medical data, according to Intertrust. The report investigated 100 […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.09.23
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Get ready for upcoming changes in the AWS SSO user sign-in process (AWS Blog, Sep 18 2020) To improve security, enhance user experience, and address compatibility with future AWS Identity changes, AWS Single Sign-On (SSO) is making changes to the sign-in […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.09.16
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Research Finds Nearly 800,000 Access Keys Exposed Online (Dark Reading, Sep 15 2020) The researchers searched approximately 150 million entities across GitHub, GitLab, and Pastebin during a 30-day period in August and September to find the roughly 800,000 keys. They discovered […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.09.09
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Defense in depth using AWS Managed Rules for AWS WAF (part 1) (AWS Blog, Sep 02 2020) The post is in two parts. This first part describes AWS Managed Rules for AWS WAF and how it can be used to provide […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.09.02
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Fastly Sets DevSecOps Strategy After Signal Sciences Buy (DevOps, Sep 02 2020) In the wake of acquiring Signal Sciences for $770 million, Fastly is gearing up to expand the range of security services it offers as part of an effort to […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.08.26
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Let’s Hack a Pipeline: Argument Injection (Azure DevOps Blog, Aug 21 2020) In this series of posts, we’ll walk through some common security pitfalls when setting up Azure Pipelines. We don’t really want to get hacked, so we’ll also show off […]
Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.08.19
A Review of the Best News of the Week on Cloud Security, DevOps, AppSec IT Pros Name Misconfiguration #1 Cloud Security Threat (Infosecurity Magazine, Aug 13 2020) Check Point report reveals skills shortage is biggest barrier to adoption. The top four threats were cited as: misconfiguration (68%), unauthorized cloud access (58%), insecure interfaces (52%), and […]