Cloud Security This Week – March 1, 2019

New from Lacework

Lacework at RSA
Lacework is going to rock RSA, and we want you to join us! Here’s a guide to all the Lacework parties, sessions, panels, and secrets to getting our sweet swag. Booth #4603 – we’ll be there with the volume cranked up to 11!

Avoiding Container Vulnerabilities
To get a better understanding of potential risks associated with containers and how best to address those risks, we asked security experts the following question: What vulnerabilities do containers create, and how do you protect against them?

Avoiding Limitations of Traditional Security Approaches
Security and compliance experts weigh in on the differences between the traditional security stack and a layered security strategy. This paper reviews the limitations that enterprises can expect when stitching together multiple security solutions.

VPC Flow Logs Are Not Enough: Modern Environments Require a New Approach to Security
VPC flow logs are not enough, and modern environments require a new approach to cloud security. Here are eleven ways network-based security tools that rely on VPC logs fall short when transitioning to the cloud.

News & Perspectives on Cloud Security

PCI Compliance in the Public Cloud
Compliance frameworks provide a structure for how enterprises organize and secure their content and resources. Because they are created and governed for the purposes of protection and interoperability, they provide necessary safeguards that help organizations structure their security posture.

Dow Jones’ Watchlist of 2.4 Million High-Risk Individuals Leaked
A watchlist of risky individuals and corporate entities owned by Dow Jones has been exposed, after a company with access to the database left it on a server without a password. 

Cisco Talos Honeypot Analysis Reveals Rise in Attacks on Elasticsearch Clusters
Through ongoing analysis of honeypot traffic, Talos detected an increase in attacks targeting unsecured Elasticsearch clusters. These attacks leverage CVE-2014-3120 and CVE-2015-1427, both of which are only present in old versions of Elasticsearch and exploit the ability to pass scripts to search queries.  

Supermicro Hardware Weaknesses Let Researchers Backdoor an IBM Cloud Server
Research from Eclypsium demonstrates that BMC vulnerabilities can allow a customer to leave a backdoor that will remain active once the server is reassigned. The backdoor leaves the customer open to a variety of attacks, including data theft, denial of service, and ransomware. 

B0r0nt0K Ransomware Infects Linux Servers
A new ransomware called B0r0nt0K is encrypting victims’ websites and demanding a ransom of 20 bitcoin, or approximately $75,000. This ransomware is known to infect Linux servers, but may also be able to encrypt the files of users running Windows.