Cloud Security This Week – December 14, 2018

New from Lacework

AWS Spot Instance and Cloud Security
All cloud providers have some type of compute product offering that lets the user bid for the resources they need to complete one or more tasks. Amazon Web Services has led the way, offering a low-cost EC2 usage option called Spot Instance. The model is unusual in the sense that it tests the true limits of fault tolerance and unexpected interruptions in software.

Cloud, Compliance & the Death of the IT Checklist
Organizations that aren’t using automation as part of their compliance posture have only limited visibility and put their businesses at great potential risk. With an effective multicloud strategy that uses compliance and automation, organizations can cover and protect the resources under their responsibility.

Cybersecurity Predictions for 2019
“This year has already seen an alarming amount of malicious cryptomining activity and we can expect the next evolution of crypto attacks to focus on more than just that.”


News and Perspectives on Cloud Security

Facebook bug exposed up to 6.8M users’ unposted photos to apps
Reset the “days since the last Facebook privacy scandal” counter, as Facebook has just revealed that a Photo API bug gave app developers too much access to the photos of up to 5.6 million users.

Chinese hackers targeting U.S. Navy contractors with multiple breaches
Chinese hackers are breaching Navy contractors to steal everything from ship-maintenance data to missile plans, officials and experts said, triggering a top-to-bottom review of cyber vulnerabilities.

Microsoft Issues Patch for Windows Zero-Day Flaw Under Active Attack
One of the security vulnerabilities patched by the tech giant this month is listed as publicly known at the time of release, and one is a zero-day reported as being actively exploited in the wild by multiple hacking groups, including FruityArmor and SandCat APTs.

Exploit Code for the Kubernetes Flaw Is Now Available
The recently disclosed critical-impact bug in Kubernetes created strong ripples in the security space of the container-orchestration system. Now, multiple demo exploits exist and come with easy-to-understand explanations.