Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.06.03

A Review of the Best News of the Week on Cloud Security, DevOps, AppSec “Sign in with Apple” Vulnerability (Schneier on Security, Jun 02 2020) “Researcher Bhavuk Jain discovered a vulnerability in the “Sign in with Apple” feature, and received a $100,000 bug bounty from Apple. Basically, forged tokens could gain access to pretty much […]

Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.05.27

A Review of the Best News of the Week on Cloud Security, DevOps, AppSec How secure are open source libraries? (Help Net Security, May 21 2020) Seven in 10 applications have a security flaw in an open source library, highlighting how use of open source can introduce flaws, increase risk, and add to security debt, […]

Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.05.20

A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Cloud Exposes SMBs to Attack as Human Error Grows (Infosecurity Magazine, May 19 2020) Verizon’s annual Data Breach Investigations Report is compiled from an analysis of 32,002 security incidents and 3950 confirmed breaches. The report claimed that smaller businesses comprised just […]

Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.05.13

A Review of the Best News of the Week on Cloud Security, DevOps, AppSec GitHub Takes Aim at Open Source Software Vulnerabilities (Wired, May 06 2020) GitHub Advanced Security will help automatically spot potential security problems in the world’s biggest open source platform. AWS Foundational Security Best Practices standard now available in Security Hub (AWS […]

Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.05.06

A Review of the Best News of the Week on Cloud Security, DevOps, AppSec COVID-19: Cloud Threat Landscape (Palo Alto Unit42, May 05 2020) Unit 42 researchers found 56,200+ of the newly registered domains (NRDs) are hosted in one of the top four popular cloud service providers (CSPs), such as Amazon Web Services (AWS), Microsoft […]

Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.04.29

A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Twitter turns off SMS-based tweeting in most countries (Sophos, Apr 29 2020) Buh-bye, original way of tweeting. Twitter said it’s to keep our accounts safe, referring to unspecified SMS-enabled vulnerabilities. IAM Access Analyzer flags unintended access to S3 buckets shared through […]

Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.04.22

A Review of the Best News of the Week on Cloud Security, DevOps, AppSec SBA Reports Data Breach in Disaster Loan Application Website (SecurityWeek, Apr 22 2020) Thousands of small business owners reeling from the aggressive measures taken to halt the spread of the coronavirus may have had their personal information exposed last month on […]

Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.04.15

A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Hackers Are Selling a Critical Zoom Zero-Day Exploit for $500,000 (VICE, Apr 15 2020) People who trade in zero-day exploits say there are two Zoom zero-days, one for Windows and one for MacOS, on the market. DoD Inspector General report finds […]

Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.04.08

A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Bug Bounty Programs Are Being Used to Buy Silence (Schneier on Security, Apr 03 2020) Investigative report on how commercial bug-bounty programs like HackerOne, Bugcrowd, and SynAck are being used to silence researchers. Bugs that let sites hijack Mac and iPhone […]

Cloud Security, DevOps, AppSec – The Week’s Best News – 2020.04.01

A Review of the Best News of the Week on Cloud Security, DevOps, AppSec Zoom Removes Code That Sends Data to Facebook (VICE, Mar 30 2020) The change comes after Motherboard found the Zoom iOS app was sending analytics information to Facebook when users opened the app. How to Secure Online Coding Platforms (DevOps, Apr […]