Cloud Security This Week – November 3, 2017

Some new perspectives on cloud security this week…or perhaps it’s more accurate to say that we’re seeing more support and focus on how to develop and implement strategies for it. The team is providing a variety of resources to help organizations configure and protect their AWS S3 buckets, evolve from legacy security policies, and create a more realistic approach to cloud security.

The news brings more strains of malware and other attacks, along with information on efforts by organizations to isolate them and guard against future hacks.

New from
WEBINAR – AWS S3 Security: Your 1 Week Action Plan
Thursday | November 16, 2017 | 10:00 am PDT, 1:00 pm EDT
Join for this webinar about how to secure your AWS environment and prevent S3 breaches.

One Team Dedicated to Your Enterprise Security and Compliance
has a team of cloud security experts who support customers with the ongoing efforts to reduce vulnerabilities and potential threats to your enterprise. These Application Support Engineers and Technical Account Managers provide expert service and help organizations successfully apply security and compliance controls with ESP.

Let’s Skip the Security Theater
Quite often, our approach to security is like our approach to documenting our lives on Instagram; it looks fabulous, but it’s not truly representative of reality. Here’s a better approach: let’s actually make progress on getting our environments to a secure state.

Jurassic Cloud
The overall IT landscape has become more complex with the introduction of the cloud and DevOps into enterprise environments that need to support both legacy and new systems. But tools often don’t work the same way in the cloud as they did in your datacenter. Surviving legacy tools can keep you in the prehistoric computing age and cause your environment to become a Jurassic Cloud.

ESP @ Work: HIPAA and NIST Compliance for State and Local Education
The Evident Security Platform’s flexible custom control checks and one-click compliance reports enable an internationally recognized medical school to reduce risk, simplify audits, and achieve HIPAA and NIST compliance validation.

News and Perspectives on Cloud Security
Attack of the Week: DUHK
An interesting report about DUHK (Don’t Use Hard-coded Keys), a vulnerability that affects devices using the ANSI X9.31 Random Number Generator (RNG) in conjunction with a hard-coded seed key.

More Reaper Malware
Krebs breaks down the new IoT malware strain called “Reaper,” which infected more than a million organizations by targeting newfound security weaknesses in countless Internet routers, security cameras and digital video recorders (DVRs).

Silence – A New Trojan Attacking Financial Organizations
Hackers have been discovered to be using a known but still very effective technique: gaining persistent access to an internal banking network for a long period of time, making video recordings of the day-to-day activity on bank employees’ PCs, learning how things work in their target banks and what software is being used, and then using that knowledge to steal as much money as possible when ready.