Cloud Security This Week – November 30, 2018

 
At the risk of sounding like an alarmist, the fact is that this week was an absolute doozy for security-watchers. Leading off with the massive breach of 500 million Starwood customer records, to evidence that NSA hacking tools are still being used for nefarious purposes, it makes one question if we’re getting any better at protecting our data, our customers, and our organizations. 
 
Have a look at the especially large line up news and analysis of this week of breaches, and then check out some of Lacework’s recommendations for public cloud security. Stay safe out there…
 

New from Lacework

This is the first in a series that looks at a sample malicious Executable and Linkable Format (ELF) file, the common executable file format for Unix and Unix-like Operating Systems, and explores the inner workings of it.

Next Generation Firewall is Your Grandfather’s Generation in the Cloud
Lacework’s co-founder and chief product officer, Sanjay Kalra, looks at the evolution of enterprise security approaches and finds the overly-touted concept of the “next generation firewall” sorely lacking.

Lacework & Snowflake: Security Insights in a High Growth Cloud Environment
Lacework and Snowflake Computing are innovators in their respective markets; data warehousing and security for public cloud. This webcast replay shows how, working together, they deliver powerful and actionable security insights, combined with the most flexible, scalable, easy to use data warehouse on the planet.

 

News and Perspectives on Cloud Security

“Marriott learned during the investigation that there had been unauthorized access to the Starwood network since 2014,” said the statement. “Marriott recently discovered that an unauthorized party had copied and encrypted information, and took steps towards removing it.”
 
The company says it detected an intrusion at the start of the month, but financial data was not exposed.
 
Data belonging to 32 million customers of SKY Brasil has been exposed online long enough to make their theft very likely, an independent security researcher discovered.
 
A serious vulnerability in Zoom’s desktop conferencing application could allow a remote attacker to hijack screen controls and kick attendees out of meetings.
 
A huge database with over 114 million records of US citizens and companies has been discovered sitting online unprotected. The number of individuals impacted by the exposure is estimated to almost 83 million.  NSA Tool Allows Hackers to Hijack Computers More than a year after patches were released to thwart powerful NSA exploits that leaked online, hundreds of thousands of computers are unpatched and vulnerable.
 
The donut chain was notified of a security breach on Oct. 31 that included hackers attempting to log into DD Perks accounts, according to a statement posted to their website.