Cloud Security This Week – March 22, 2019

New from Lacework

Integrating DevOps and Security
While DevOps emphasizes speed, it has not always necessarily focused as much on security. Learn the three key practices that are critical to integrating the processes and mindsets of DevOps and SecOps.

Triaging a CryptoSink Infection in 5 Minutes with Lacework
When triaging an alert, a security analyst needs to quickly and accurately determine if it’s a true positive and decide upon next steps.

The Cloud’s Unique Security Challenges
Deploying workloads into the cloud can quickly involve complex sets of microservices and serverless instances that function in fluid architectures that change every few minutes or seconds, creating a constantly changing security environment.

What are Your Public Cloud Security Risks?
While businesses certainly take the concept of cloud security very seriously, in actual practice, the ease and speed with which they can deploy workloads often outweighs the security implications of doing so. But that’s not the only challenge to securing cloud assets.

News & Perspectives on Cloud Security

Kanopy Exposed Users’ Viewing Habits
On-demand video-streaming site Kanopy has fixed a leaking Elasticsearch database that exposed the detailed viewing habits of its users. The server contained between 25-40 million daily logs, which could have identified all the videos searched for and watched from a user’s IP address.

Facebook Stored Hundreds of Millions of User Passwords in Plain Text for Years
Krebs reports that hundreds of millions of Facebook users had their account passwords stored in plain text and searchable by thousands of Facebook employees — in some cases going back to 2012.

Meditab Exposed Massive Store of Medical Records & Prescriptions
Healthcare company Meditab was leaking thousands of doctor’s notes, medical records, and prescriptions daily after a security lapse left a server without a password.

Google Photos Vulnerability Let Hackers Track Your Friends and Location History
A now-patched vulnerability in the web version of Google Photos allowed  malicious websites to expose where, when, and with whom your photos were taken.