Weekly Cloud and Security Watch Newsletter - November 16th to 22nd, 2020
________________________________________
Full newsletter with links ⇒
CloudSecurityAlliance.fr/go/KBM/
________________________________________
1 - CSA News and Updates - November 16th to 22th, 2020
- News: CSA 'CloudBytes Connect: From the SOC to the Boardroom' in February 2021
- Blog: 'Rent to Pwn the Blockchain - 51% Attacks Made Easy'
- Blog: 'CCSK Success Stories: Common Pitfalls in Managing Outsourced Cloud Projects'
- Blog: 'Circle - The Most Vital Cybersecurity Community'
- Publication: 'The 2020 State of Identity Security in the Cloud'
2 - Cloud and Security News Watch (over 90 links)
- Must read
- Learning from AWS (Customer) Security Incidents
- Mind Map for AWS Investigations (Expel)
- Attacks, Incidents, Leaks, Outages
- Attacks: O365 Phishing Campaign
- Risks, Threats, Vulnerabilities
- Vulnerabilities: Information Leakage in AWS Resource-Based Policy APIs (Palo Alto Networks) • Insecure APIs (Optiv)
- Best Practices, and Detection
- Best Practices: Azure AD Attack and Defense Playbook (Thomas Naunheim) • OpenShift Runtime Security (StakRox) • AKS Security Workbook (Micosoft Azure)
- Reports, Surveys, Studies, Publications
- Reports: '2020 Ransomware Resiliency Report' (Veritas) • '2020 Cloud Migration Trends Report' (amdocs) • 'Cloud-driven Identities' (Divvy Cloud) • '2020 Cloud Security Report' (Bitglass) • '2020 Global State of the Channel Ransomware' (Datto)
- Surveys: CNCF Survey
- Studies: 'Cybercriminal Cloud of Logs' (Trend Micro)
- Publications: 'Cloud Native Security' White Paper (CNCF)
- Cloud Services Providers, Solutions, and Tools
- AWS: Launch of 'AWS Network Firewall' • AWS IAM
- Azure: Priority Accounts in M365 • Global Network Reliability
- GCP: Securing the Container Supply Chain • Developer's Guide to GKE
- Containers: Privileged Container Escape
- Workloads: Security Features of AWS (Intezer) • Workload Protection (Carbon Black)
- Tools: BloodHound 4.0 • IAMFinder (Palo Alto Networks) • Zero Trust Network Security for Kubernetes (Sysdig)
- Conferences, Podcasts, Weekly 'Cloud and Security' Watch
- Podcasts: 'Digital Risk Protection' • 'Government's Cloud Anxiety'
- Newsletters: TL;DR Security #61 • The Cloud Security Reading List #64
- Market, Acquisitions
- Miscellaneous
- GAIA-X • Cloud Computing Contracts in France • Glossary
3 - Agenda
- November 23rd/25th → CCSK / CCSK Plus training in French
- November 30th to December 18th → AWS re:Invent 2020
4 - Link
________________________________________
------------------------------
Olivier Caleff - CSA French Chapter - Chapter Leader -
[email protected] -
https://CloudSecurityAlliance.fr------------------------------