Cloud Security This Week – October 19, 2018

 
New from Lacework
Insight into a Lacework experiment in which we created a Redis honeypot. In our monitoring, we detected a cryptocurrency mining botnet that compromised the server by exploiting a Lua vulnerability. We explain the experiment framework and what we discovered.
 
Video of a presentation given by Rakesh Sachdeva (member of Lacework’s engineering team) to the Bay Area Cloud Security, Compliance, and Automation Meetup group.
 
Redis Compromise: Lacework Detection

Dan Hubbard, our Chief Product Officer, goes into detail about how to interpret our Redis honeypot experiment. Specifically, he explains the importance of understanding risks and threats when securing the public cloud.
 
The New Security Stack

Network security vendors are trying to play catch-up, so they’re buying their way into relevance. But cobbling together multiple products through company acquisitions is not creating better security for customers. Only solutions purpose-built for the cloud work for the public cloud. Here’s what it looks like.

 

News and Perspectives on Cloud Security
Because of the massive shortage of cybersecurity professionals today, it’s more critical than ever for historically underrepresented demographics to help fill the need.
 
The recent Facebook breach that hit 30 million accounts was caused by spammers — not by a nation-state attack group — according to a report by the Wall Street Journal.
 
A great, in-depth review from Wired about how 30 million accounts were hacked. A combination of social engineering and capitalizing on Facebook vulnerabilities led to the biggest attack in the company’s history.
 
Tumblr today published a report admitting the presence of a security vulnerability in its website that could have allowed hackers to steal login credentials and other private information for users’ accounts.