Cloud Security This Week – February 22, 2019

New from Lacework

Lacework Extends Multicloud Support With Workload And Account Security For Google Cloud Platform
Lacework has released a new version that provides support for Google Cloud Platform (GCP) and Google Kubernetes Engine (GKE). This latest version allows customers to apply threat detection and deep visibility into cloud events for workloads and accounts across multiple platforms, including GCP, Amazon Web Services (AWS), Microsoft Azure, Kubernetes, Docker, and others. 

Lacework for GCP: Security for Orchestration, Multicloud, and Kubernetes
Support for GCP,  Kubernetes and Google Kubernetes Engine (GKE) – the latest release from Lacework extends security management for all the major cloud platform vendors and for the increasingly popular drive to containers. 

VPC Flow Logs Are Not Enough: Modern Environments Require a New Approach to Security
VPC flow logs are not enough, and modern environments require a new approach to cloud security. Here are eleven ways network-based security tools based on VPC logs fall short when transitioning to the cloud.

Lacework for Azure & Multicloud Environments
Here’s how Lacework spans the three critical segments for cloud security: configuration & compliance, container security, and anomaly detection.

News & Perspectives on Cloud Security

Almost Half A Million Delhi Citizens’ Personal Data Exposed Online
A security researcher has discovered a 4.1 GB-sized highly sensitive database online, named “GNCTD,” containing information collected on 458,388 individuals located in Delhi, including their Aadhaar numbers and voter ID numbers.

Wendy’s Reaches $50M Settlement After Breach
The aftermath of a 2015 breach of Wendy has resulted in a settlement by the fast-food company for consumers and financial institutions who filed class-action lawsuits against Wendy’s, alleging that it had failed to properly secure its systems or notify customers and institutions that it had been breached.

Exposed MongoDB Used for Facial Recognition Abuse
A security researcher has discovered an exposed MongoDB used for the purposes of tracking the Uyghur Muslim minority in China. The exposed archive contains data of about 2,565,724 users, including names, ID card numbers, sex, nationality, ID card’s issue and expiration dates, home addresses, photographs, date-of-birth, and employment information as well as GPS coordinates.

ClassPass, Gyfcat, StreetEasy All Targeted in Mass Hacks
The same hacker who was responsible for selling a stash of 750 million records with PII has struck again with stolen data from a variety of well-known websites and apps, including MyFitnessPal, Coffee Meets Bagel, House, and others.