The Inner Circle

Weekly Cloud and Security Watch Newsletter - July 19th, 2020

  • 1.  Weekly Cloud and Security Watch Newsletter - July 19th, 2020

    Posted 19 days ago
    Edited by Olivier Caleff 17 days ago

    Weekly Cloud and Security Watch Newsletter - July 13th to 19th, 2020

    Full newletter with links ⇒ CloudSecurityAlliance.fr/go/K7J/
    ________________________________________

    1 - CSA News and Updates - July 13th to 19th, 2020

    • Blog: Privacy Shield Invalidated
    • Blog: 'Abusing Privilege Escalation in Salesforce Using APEX'
    • Conférence: Feedback on the online 'fwd:cloudsec 2020' Conference
    • Publication: 'Hybrid Cloud and Its Associated Risks'
    • Blog: 'Creating an Integrated Security System with the CSA STAR Program'
    • Peer Review: Ajout 'ABS CCIG' à la CCM

    2 - Cloud and Security News Watch (over 100 links)

    • Must read
      • Privacy Shield Invalidated by the European Court of Justice
    • Alerts, Attacks and Threats
      • Alerts: Kubernetes Node Storage-based DoS Vulnerability (CVE-2020-8557), New Attack Technique Uses Misconfigured Docker API, Zoom Vanity URL issue
      • Attacks: Ransomware attack against Blackbaud
      • Some Cloud Threats(Tripwire)
    • Outages
      • Cloudflare
    • Miscellaneous
      • Additional Cloud and Security Weekly Watch: 'TL;DR Security' and 'The Cloud Security Reading List
      • Podcast: 'Operational Technology vs. Information Technology'
      • AWS: Retroactive encryption in S3
      • Azure: Updates in protection for Azure Storage, O365 Admin Resources (Varonis)
      • GCP: OnAir conference, Confidential VMs, Assured Workloads for Government
      • Containers: Risks analysis (Tripwire)
      • Kubernetes: Best Practices for Securing (Intezer), New Security Framework (Portshift), Threats persistence (StackRox), Problématiques de sécurité (Sentinel One)
      • Tools: Canary Tokens (Honeypot), Docker for Pentest, Kubebox
      • Oddities: looking for an expert with 12 years experience with Kubernetes

    3 - Agenda

    • July 2020
      • 22nd → 'CSA Federal Summit 2020' : "The Resurgence of Cloud"
      • 28th → Call for comments deadline for "Cloud OS Security Specification v2.0"
      • 29th → 'CSA Federal Summit 2020' : "Security Automation Simplified with Open Security Controls Assessment Language"
    • August 2020
      • 19th / 20th → 'CSA CloudCon 2020' • Grand Rapids, Michigan
      • 31st → Deadline for the CSA call for proposal for the CSA EMEA 2020 Congress
      • 31st and next → CCSK / CCSK Plus training in French

    4 - Link

    CloudSecurityAlliance.fr/go/K7J/
    ________________________________________

    ________________________________________
    #Watch #Newsletter
    ________________________________________

    ------------------------------
    Olivier Caleff - CSA French Chapter - Chapter Leader - olivier.caleff@cloudsecurityalliance.fr - https://CloudSecurityAlliance.fr
    ------------------------------​​​