Swiss Chapter

  • Private Community
 View Only
Back to discussions
Expand all | Collapse all

Weekly Cloud and Security Watch Newsletter #90 - November 15th, 2020 / Newsletter Hebdomadaire Cloud et Sécurité #90 - 15 novembre 2020

  • 1.  Weekly Cloud and Security Watch Newsletter #90 - November 15th, 2020 / Newsletter Hebdomadaire Cloud et Sécurité #90 - 15 novembre 2020

    Posted Nov 17, 2020 02:46:00 PM
    Edited by Olivier Caleff Nov 19, 2020 05:15:10 AM

    Weekly Cloud and Security Watch Newsletter - November 9th to 15th, 2020

    ________________________________________
    Full newsletter with links ⇒ CloudSecurityAlliance.fr/go/KBF/
    ________________________________________

    1 - CSA News and Updates - November 9th to 15th, 2020

    • CCSK training in French: registration for the 23rd/25 session is still open
    • Fill in the CSA survey on Cloud Adoption in 2020
    • News: FIRST 2020 Conference, November 16th/18th
    • Publication: 'Key Management when using Cloud Services'
    • Blog: 'Seven Steps to defining the art of the possible in DevOps
    • Blog: 'California Privacy Rights Act: What Are the Consequences for Cloud Users?'
    • Blog: 'What is cloud security? How is it different from traditional on-premises network security?'

    2 - Cloud and Security News Watch (over 110 links)

    • Must read
      • State of CSP's Encryption Services
      • Kubernetes Maturity Model (Fairwinds)
      • Strategies For Remote Collections of Cloud Data(Fairwinds)
    • Attacks, Incidents, Leaks, Risks, Threats, Vulnerabilities, Outages
      • Attacks: Fake Microsoft Teams updates
      • Leaks: Leaky AWS S3 Bucket Leads to Massive Data Leak
      • Risks : Identification of Hidden Risks (World Economic Forum)
      • Threats: Preventing Exposed Azure Blob Storage (SANS)
      • Vulnerabilities: VoltPillager against Intel SGX Enclaves
      • Outages: Microsoft Outage Affects OneDrive Users
    • Best Practices, and Detection
    • Reports, Surveys, Studies, Publications
      • Reports: 'Kubernetes (K8s) Data Protection Report' (Zettaset) • '2020 Duo Trusted Access Report' (Duo Security) • 2020 update for 'Cloud-Native: The IaaS Adoption and Risk Report' (MacAfee)
    • Cloud Services Providers, Solutions, and Tools
      • AWS: AWS Nitro Enclaves • Lightsail Containers • Securing Amazon WorkSpaces • Integrating CloudEndure Disaster Recovery
      • Azure: Long Term Retention of Azure Sentinel Logs • New DNS Features in Azure Firewall
      • GCP: Ensuring High Availability • Anthos Developer Sandbox • Connecting to Google CE VMs
      • OVH Cloud: Co-building Cloud Services with Google Cloud
      • Kubernetes: Threat Vectors: Part 3 - Persistence (Alcide) • Maturity Model (Fairwinds)
      • Tools: Leonidas (Attack Simulation) • OpenCSPM (CSPM)
    • Conferences, Podcasts, Weekly 'Cloud and Security' Watch
      • Podcasts: 'Open Source AWS Security' (Cloud Security Podcast) • 'Cloud Attack Vectors' (SilverLining)
      • Newsletters: TL;DR Security #60 • The Cloud Security Reading List #63
    • Market, Acquisitions
      • Market: Encryption Services
      • Acquisitions: CloudAlly by Zix • IDMSense by Ernst & Young
    • Miscellaneous
      • Framework Improving Efficiency in Disaster-Area Management

    3 - Agenda

    • November 16th/18th → 32nd FIRST Conference
    • November 18th → Google Cloud Security Talks
    • November 19th → MSSPs and Cloud Security Services: Who Are the Leaders? webcast
    • November 23rd/25th → CCSK / CCSK Plus training in French
    • November 30th to December 18th → AWS re:Invent 2020

    4 - Link

    ________________________________________

    Newsletter Hebdomadaire Cloud et Sécurité - semaine du 9 au 15 novembre 2020

    ________________________________________
    Newsletter complète avec liens ⇒ CloudSecurityAlliance.fr/go/KBF/
    ________________________________________

    1 - Informations CSA 9 au 15 novembre 2020

    • Formation CCSK en Français : il reste des places pour la session des 23, 24 et 25 novembre
    • Répondez au sondage CSA sur l'adoption du Cloud en 2020
    • Actu : Conférence FIRST 2020 du 16 au 18 novembre 2020
    • Publication : 'Key Management when using Cloud Services'
    • Blog : 'Seven Steps to defining the art of the possible in DevOps'
    • Blog : 'California Privacy Rights Act: What Are the Consequences for Cloud Users?'
    • Blog : 'What is cloud security? How is it different from traditional on-premises network security?'

    2 - Veille Web Cloud et Sécurité (plus de 110 liens)

    • À lire
      • Panorama des services de chiffrement des fournisseurs
      • Modèle de aturité Kubernetes (Fairwinds)
      • Principe de collecte de données cloud à distance (Forensics Focus)
    • Attaques, Incidents, Fuites de données, Pannes
      • Attaques : Fausses notifications de correctifs Teams
      • Fuites de données : Buckets AWS S3 encoreà l'origine d'une fuite massive de données
      • Pannes : OneDrive affecté
    • Risques, Menaces, Vulnérabilités
      • Risques : Identification des risques cachés (World Economic Forum)
      • Menaces : prévention contre l'exposition de données avec AWS (SANS)
      • Vulnérabilités : VoltPillager contre les enclaves Intel SGX
    • Bonnes Pratiques et Techniques de Détection
    • Rapports, Sondages, Études, Publications
      • Rapports : 'Kubernetes (K8s) Data Protection Report' (Zettaset) • '2020 Duo Trusted Access Report' (Duo Security) • mise à jour 2020 pour 'Cloud-Native: The IaaS Adoption and Risk Report' (MacAfee)
    • Cloud Services Providers, Solutions et Outils
      • AWS: AWS Nitro Enclaves • Lightsail Containers • Securing Amazon WorkSpaces • Integrating CloudEndure Disaster Recovery
      • Azure: Long Term Retention of Azure Sentinel Logs • New DNS Features in Azure Firewall
      • GCP: Ensuring High Availability • Anthos Developer Sandbox • Connecting to Google CE VMs
      • OVH Cloud: Co-building Cloud Services with Google Cloud
      • Kubernetes : Vecteurs d'attaque : 3ème partie sur la Persistence (Alcide) • Modèle de maturité (Fairwinds)
      • Outils : Leonidas (Simulation d'attaques) • OpenCSPM (CSPM)
    • Conférences, Podcasts, Veilles hebdomadaires 'Cloud et Sécurité'
      • Podcasts : 'Open Source AWS Security' (Cloud Security Podcast) • 'Cloud Attack Vectors' (SilverLining)
      • Veilles : TL;DR Security #60 • The Cloud Security Reading List #63
    • Marché, Acquisitions
      • Marché : Services de chiffrement
      • Acquisitions : CloudAlly par Zix • IDMSense par Ernst & Young
    • Divers
      • Référentiel pour optimiser les Plans de Reprise

    3 - Agenda

    • 16 au 18 novembre → 32ème Conférence FIRST
    • 19 novembre → Webinaire MSSPs and Cloud Security Services: Who Are the Leaders?
    • 18 novembre → Google Cloud Security Talks
    • 23 au 24 / 25 novembre → Formation CCSK / CCSK Plus en français
    • 30 novembre au 18 décembre → AWS re:Invent 2020 en webcast

    4 - Lien direct

    ________________________________________

    ________________________________________
    #Veille #Watch
    ________________________________________


    ------------------------------
    Olivier Caleff - CSA French Chapter - Chapter Leader - [email protected] - https://CloudSecurityAlliance.fr
    ------------------------------​​