Cloud Security This Week – December 21, 2018

New from Lacework

Kubernetes CVE-2018-1002105
Given the release of CVE-2018-1002105, visibility and threat detection for your Kubernetes cluster are paramount. Kubernetes clusters can become very complex very fast. It’s important to stay a step ahead and have the insights you need to protect your cluster.

My Mom is Sick and Tired of Your Weak S3 Bucket Policies
Cloud security has headlined so many stories over the past year that the term “leaky S3 bucket” even rolls off the tongue of my mother with ease and accuracy.

Is Your Cloud Giving or Receiving This Holiday Season?
Without effective security, your accounts and workloads in the cloud could possibly be performing Santa-like duties by inadvertently handing out private data. Oh what joy!

The Emperor Has No Network: Risks of a Network-Centric Cloud Security Approach
Modern enterprises are rapidly moving to the cloud. Unfortunately, many are still using a network-centric security approach, which puts them at risk. Here’s how to move away from a network-centric mindset and adopt a cloud approach to be successful in modern environments.

News & Perspectives on Cloud Security

Justice Department accuses Chinese spies of hacking into dozens of US tech and industry giants
The Justice Department has unsealed a damning indictment that links an aggressive campaign to hack into U.S. tech and industry giants to spies working for the Chinese government.

NASA discloses October security breach
In an internal memo, NASA’s chief human capital officer Bob Gibbs has revealed that the agency suffered a security breach a few months ago.

Twitter bug leaks phone number country codes
Twitter accidentally exposed the ability to pull an account’s phone number country code and whether the account had been locked by Twitter. The concern here is that malicious actors could have used the security flaw to figure out in which countries accounts were based, which could have ramifications for whistleblowers or political dissidents.

Security lapse at Blind revealed private complaints from Silicon Valley employees
Thousands of people trusted Blind, an app-based “anonymous social network,” as a safe way to reveal malfeasance, wrongdoing and improper conduct at their companies.