Cloud Security This Week – October 26, 2018

New from Lacework
It’s important for a security strategy to pay attention to the different pieces of the cloud stack and address their unique security needs with the following approach and actions.
Learn why cryptocurrency mining is a threat, how a hostile takeover can happen in your cloud workloads, and how to detect it early.
10 Reasons VPC Flow Logs Won’t Keep Your Cloud Secure

From inability to scale, to creation of false positives, and limits on file integrity monitoring, here are ten reasons why VPC flow logs just won’t keep your cloud secure.
Containers At-Risk: A Review of 21,000 Cloud Environments

In early June 2018, Lacework discovered more than 21,000 container orchestration and API management systems on the Internet, and these results highlight the potential for attack points caused by poorly configured resources, lack of credentials, and the use of non-secure protocols. This report details our findings.


News and Perspectives on Cloud Security
Cathay Pacific, one of the main airlines in Hong Kong, says records on as many as 9.4 million passengers may have been stolen in a data breach. The data includes passenger names, dates of birth, nationalities, phone numbers, email and postal addresses, and passport and identity card numbers.
Two hackers who stole millions of users’ data from ride-hailing firm Uber have been indicted on separate hacking charges related to a data breach at online learning portal Lynda.
LinkedIn’s training site is notifying users of a database breach that includes the passwords of just under 55,000 accounts. All those passwords were “cryptographically salted and hashed” to prevent access.
According to a report authored by security researcher Narendra Shinde, since May, 2016, the X.Org Server package had contained a vulnerability that allowed attackers to either elevate privileges and/or overwrite any files on the local system, even crucial OS data.



Suggested for you