Cloud Security This Week – October 20, 2017

Everything about cyberattacks are insidious, but two significant attacks reported this week highlight just how hard it is to be vigilant. The KRACK issue brings into questions about trust of protocols validated by standards bodies, and the ROCA attack preys upon issues with semiconductors. Unless you’re looking, these are two things you’re unlikely to find with manual efforts, partly because you probably wouldn’t even know you’re supposed to look for them.

We published our thoughts on the KRACK attack, along with recommendations for applying the learning from National Cybersecurity Awareness Month into your everyday security practices. One of our customers, a fashion retailer, is profiled, and we invite you to get CloudFit in our next webinar.

New from
ESP @ Work: Improving Customer Experience with Security at a Leading Fashion Retailer
A leading American fashion retailer partners with to provide improved customer experience with ESP, gaining visibility awareness and control of their AWS infrastructure. Learn more about their journey.

Aware and Prepared: The Importance of National Cyber Security Awareness Month
October is National Cyber Security Awareness Month (NCSAM), an effort by the Department of Homeland Security to encourage awareness and best practices around the protection of data and digital assets. Learn how to be cyberaware and prepared to protect your data and cloud.

Trust, But Verify: The Magnitude and Relevance of KRACK
The news of the potential vulnerabilities around key reinstallation attacks (KRACK) led to major concerns about the WPA2 protocol and Wi-Fi risk in general.

WEBINAR: Get CloudFit – Top 11 AWS Best Practices for Cloud Security
Join’s Marco Genovese as he coaches cloud security teams through the top eleven most important security practices designed to improve your cloud’s overall security and fitness in the shortest time possible.

News and Perspectives on Cloud Security
WPA2 Security Flaw Puts Almost Every Wi-Fi Device At Risk of Hijack, Eavesdropping
It was discovered that a bug known as Key Reinstallation Attack (KRACK) exposes a fundamental flaw in WPA2, a common protocol used in securing most Wi-Fi networks.

Hybrid Cloud Security Challenges Remain Tough to Overcome
While hybrid cloud continues to offer significant benefits to the enterprise, it also demands a cohesive security strategy that bridges on-prem and cloud-based systems.

Serious Crypto-Flaw Lets Hackers Recover Private RSA Keys Used in Billions of Devices
Microsoft, Google, Lenovo, HP and Fujitsu are warning their customers of a potentially serious vulnerability in widely used RSA cryptographic library produced by German semiconductor manufacturer Infineon Technologies in what is being called ROCA (Return of Coppersmith’s Attack).

Spyware Served From Equifax Support Site
Yeah, they’re in the news again (still…?). Earlier this week it was discovered that Equifax’s website was hacked by serving fraudulent Adobe Flash updates, which had the potential to infect the computers of site visitors with adware that could only be deteced by three of 65 antivirus providers.